Statistical fingerprint‐based intrusion detection system (SF‐IDS)

Summary Intrusion detection systems (IDS) analyze traffic or files in order to detect security problems. IDS can be divided into misuse detection and anomaly detection. Misuse detectors are usually signature- or rule-based: they inspect the content of packets or files looking for a "signature" that labels known malware. They are often very efficient, but they have two drawbacks: the information they check (e.g., the signature) is fragile and quickly goes out of date, and the computation cost is high because every packet or file must be inspected. Anomaly-based IDS, and in particular those based on statistical analysis, were developed to bypass these problems. Instead of inspecting packet contents, each traffic flow is observed and statistically characterized, and this characterization is the fingerprint of the flow. This paper introduces a statistical-analysis-based intrusion detection system which, after extracting the statistical fingerprint of a flow, uses machine learning classifiers to decide whether the flow is affected by malware or not. A large set of tests is presented. The results allow the best classifiers to be selected and show the performance of a decision maker that exploits the decisions of a bank of classifiers acting in parallel.
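The pipeline the summary describes (per-flow statistical fingerprint, several classifiers run in parallel, a decision maker combining their verdicts) is sketched below as an added example; it is not the paper's code. The summary does not say which flow statistics or which classifiers the paper uses, so the five features (packet count, mean and standard deviation of packet length, mean and standard deviation of inter-arrival time), the three stdlib-only classifiers (nearest centroid, 3-NN, Gaussian naive Bayes) and the majority-vote decision maker are assumptions, and the "benign" and "beacon-like" traffic is constructed in the script rather than captured.

```python
"""Statistical-fingerprint IDS sketch: flow features -> bank of classifiers -> vote.

Added example, not the paper's code. Feature set, classifiers and the constructed
traffic are assumptions made for illustration.
"""
import math
import random
from collections import defaultdict
from statistics import mean, pstdev


def fingerprint(packets):
    """Per-flow fingerprint from (flow_id, timestamp_s, length_bytes) records.

    Only sizes and timing are used; payload is never inspected.
    Returns {flow_id: [n_pkts, mean_len, std_len, mean_iat, std_iat]}.
    """
    flows = defaultdict(list)
    for flow_id, ts, length in packets:
        flows[flow_id].append((ts, length))
    feats = {}
    for flow_id, pkts in flows.items():
        pkts.sort()
        lens = [length for _, length in pkts]
        iats = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])] or [0.0]
        feats[flow_id] = [len(pkts), mean(lens), pstdev(lens), mean(iats), pstdev(iats)]
    return feats


class Scaler:
    """z-scores each feature with the training-set mean/std (constant features -> std 1)."""
    def __init__(self, X):
        cols = list(zip(*X))
        self.mu = [mean(c) for c in cols]
        self.sd = [pstdev(c) or 1.0 for c in cols]

    def __call__(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mu, self.sd)]


def dist(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


class NearestCentroid:
    def fit(self, X, y):
        self.c = {lab: [mean(col) for col in zip(*[x for x, l in zip(X, y) if l == lab])]
                  for lab in set(y)}
        return self

    def predict(self, x):
        return min(self.c, key=lambda lab: dist(x, self.c[lab]))


class KNN:
    def __init__(self, k=3):
        self.k = k

    def fit(self, X, y):
        self.X, self.y = X, y
        return self

    def predict(self, x):
        near = sorted(range(len(self.X)), key=lambda i: dist(x, self.X[i]))[:self.k]
        votes = [self.y[i] for i in near]
        return max(set(votes), key=votes.count)


class GaussianNB:
    def fit(self, X, y):
        self.params = {}
        for lab in set(y):
            rows = [x for x, l in zip(X, y) if l == lab]
            cols = list(zip(*rows))
            self.params[lab] = (math.log(len(rows) / len(X)),
                                [mean(c) for c in cols],
                                [pstdev(c) ** 2 + 1e-6 for c in cols])  # epsilon avoids /0
        return self

    def predict(self, x):
        def loglik(lab):
            prior, mu, var = self.params[lab]
            return prior + sum(-0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
                               for xi, m, v in zip(x, mu, var))
        return max(self.params, key=loglik)


class ClassifierBank:
    """Runs the member classifiers in parallel; the decision maker is a majority vote."""
    def __init__(self, X, y):
        self.scale = Scaler(X)
        Z = [self.scale(x) for x in X]
        self.members = [NearestCentroid().fit(Z, y), KNN(3).fit(Z, y), GaussianNB().fit(Z, y)]

    def votes(self, x):
        z = self.scale(x)
        return [m.predict(z) for m in self.members]

    def decide(self, x):
        v = self.votes(x)
        return "malicious" if v.count("malicious") * 2 >= len(v) else "benign"


def make_flow(flow_id, n, size, size_sd, iat, iat_sd, rng):
    """Constructed flow: n packets with Gaussian sizes and inter-arrival times."""
    pkts, t = [], 0.0
    for _ in range(n):
        pkts.append((flow_id, t, max(1, int(rng.gauss(size, size_sd)))))
        t += max(0.001, rng.gauss(iat, iat_sd))
    return pkts


def constructed_dataset(seed=1):
    """Constructed traffic (assumption): bursty benign flows vs small, evenly spaced beacons."""
    rng = random.Random(seed)
    packets, labels = [], {}
    for i in range(20):
        fid = f"benign-{i}"
        packets += make_flow(fid, rng.randint(15, 60), 700, 350, 0.3, 0.2, rng)
        labels[fid] = "benign"
    for i in range(20):
        fid = f"beacon-{i}"
        packets += make_flow(fid, rng.randint(30, 50), 90, 6, 1.0, 0.02, rng)
        labels[fid] = "malicious"
    return packets, labels


def train_bank(seed=1):
    packets, labels = constructed_dataset(seed)
    feats = fingerprint(packets)
    ids = sorted(feats)
    return ClassifierBank([feats[i] for i in ids], [labels[i] for i in ids])


def evaluate(bank, seed=2):
    """Classify unseen constructed flows; returns (decisions, accuracy)."""
    packets, labels = constructed_dataset(seed)
    feats = fingerprint(packets)
    decisions = {fid: bank.decide(feats[fid]) for fid in feats}
    correct = sum(decisions[f] == labels[f] for f in labels)
    return decisions, correct / len(labels)


if __name__ == "__main__":
    bank = train_bank()
    decisions, acc = evaluate(bank)
    print(f"accuracy on unseen constructed flows: {acc:.2f}")
```

The constructed classes are deliberately well separated, so all three members agree and the vote is unanimous; on real traffic the value of the bank is precisely that the members disagree on borderline flows, and the vote rule (here a tie counts as malicious) sets the false-positive/false-negative trade-off. Because the fingerprint never looks at payload, encrypted or obfuscated traffic is handled the same way as clear-text, which is the point of the approach; the price is that an attacker who shapes packet sizes and timing to mimic benign flows evades it.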
