Early Intrusion Detection for OS Scan Attacks

Network Intrusion Detection Systems (NIDS) are concerned with discovering unauthorized accesses to computer networks by analyzing traffic in order to detect malicious activity. In the event of an intrusion, the time elapsed until detection is a key factor in breaking the Cyber Kill Chain. State-of-the-art studies use a traditional evaluation based on standard accuracy metrics (e.g. precision or F-measure) without taking into account the time required to detect a threat. In this paper, we formally define the early intrusion detection problem. We perform a thorough evaluation adapting existing time-aware metrics to the early detection of threats on a computer network, and we also propose a new metric, NormERDE. Our results show how good performance on standard metrics may not correspond to good results on early detection metrics. For instance, a technique with a high level of precision may need too much time to detect a threat. Therefore, in this paper we propose taking time-aware metrics into account in NIDS evaluations, given the importance of this factor in a real-world environment.
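
The following is an added illustration of the abstract's central point, not code from the paper and not its NormERDE definition (which the abstract does not give). It scores two toy port-scan detectors on a constructed per-host flow stream, first with precision and then with ERDE_o, the early risk detection error of Losada and Crestani (2016) that the paper adapts: a true positive costs lc_o(k) = 1 - 1/(1 + e^(k-o)), which rises with the number k of observations consumed before the alert, while false positives and false negatives carry fixed costs. The host names, port sequences, detection thresholds and cost constants are all constructed for the example.

```python
"""Precision versus early-detection error (ERDE_o) on a constructed flow stream.

Added example: not the paper's code or its NormERDE metric.  Two toy OS/port
scan detectors are compared with precision and with ERDE_o (Losada & Crestani,
2016), whose true-positive cost grows with the number of flows consumed
before the alert is raised.
"""
import math
from typing import Dict, List, Tuple

# Constructed sample: per source host, whether it really is scanning and the
# destination ports of its flows in arrival order.
FLOWS: Dict[str, Tuple[bool, List[int]]] = {
    "scanner-A": (True, list(range(1, 41))),          # 40 distinct ports
    "scanner-B": (True, list(range(1000, 1030))),     # 30 distinct ports
    "web-client": (False, [443] * 30),                # one port, repeatedly
    "busy-admin": (False, [22, 443, 80, 3389, 53, 8080, 445] + [443] * 20),
    "dns-server": (False, [53] * 25),
}

# Cost parameters (constructed; eRisk used c_fn = c_tp = 1 and a small c_fp).
C_FP, C_FN, C_TP = 0.1, 1.0, 1.0


def distinct_port_detector(ports: List[int], threshold: int) -> Tuple[bool, int]:
    """Toy detector: alert once a host has touched `threshold` distinct ports.

    Returns (decision, k), k being the number of flows consumed before the
    decision (all flows if the host was never flagged).
    """
    seen = set()
    for k, port in enumerate(ports, start=1):
        seen.add(port)
        if len(seen) >= threshold:
            return True, k
    return False, len(ports)


def run_detector(threshold: int) -> Dict[str, Tuple[bool, bool, int]]:
    """Apply the detector to every host -> {host: (truth, decision, k)}."""
    return {
        host: (truth,) + distinct_port_detector(ports, threshold)
        for host, (truth, ports) in FLOWS.items()
    }


def precision(results: Dict[str, Tuple[bool, bool, int]]) -> float:
    """Standard precision: TP / (TP + FP); time plays no role."""
    tp = sum(1 for truth, dec, _ in results.values() if truth and dec)
    fp = sum(1 for truth, dec, _ in results.values() if not truth and dec)
    return tp / (tp + fp) if tp + fp else 0.0


def latency_cost(k: int, o: int) -> float:
    """lc_o(k) = 1 - 1/(1 + e^(k - o)): near 0 for k << o, near 1 for k >> o."""
    return 1.0 - 1.0 / (1.0 + math.exp(k - o))


def erde(results: Dict[str, Tuple[bool, bool, int]], o: int) -> float:
    """Mean ERDE_o over hosts: FP -> c_fp, FN -> c_fn, TP -> lc_o(k)*c_tp, TN -> 0."""
    total = 0.0
    for truth, decision, k in results.values():
        if decision and not truth:
            total += C_FP
        elif truth and not decision:
            total += C_FN
        elif truth and decision:
            total += latency_cost(k, o) * C_TP
    return total / len(results)


def mean_delay(results: Dict[str, Tuple[bool, bool, int]]) -> float:
    """Average number of flows consumed before a true positive was raised."""
    delays = [k for truth, dec, k in results.values() if truth and dec]
    return sum(delays) / len(delays) if delays else float("nan")


if __name__ == "__main__":
    for name, thr in (("eager (5 ports)", 5), ("patient (20 ports)", 20)):
        res = run_detector(thr)
        print(f"{name:20s} precision={precision(res):.3f} "
              f"mean TP delay={mean_delay(res):.0f} flows "
              f"ERDE_5={erde(res, 5):.3f} ERDE_50={erde(res, 50):.3f}")
```

The "patient" detector reaches a precision of 1.0 against the "eager" one's 0.667, yet at o = 5 its ERDE is roughly 0.40 against 0.22, because it consumes twenty flows per scanner before alerting. Raising o to 50 reverses the ranking, which is how the metric encodes how many observations the defender is willing to tolerate before an alert stops counting as early.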
