Automatic network intrusion detection: Current techniques and open issues

Computers and Electrical Engineering

Volumn 38, Issue 5, 2012, Pages 1062-1072

  Catania, Carlos A ^a   Garino, Carlos García ^a  

^a UNIVERSIDAD NACIONAL DE CUYO   (Argentina)

Author keywords

[No Author keywords available]

Indexed keywords

DATA MINING; LEARNING SYSTEMS; NETWORK SECURITY; SURVEYS;

AUTOMATIC NETWORKS; INDUSTRY STANDARDS; NOVEL TECHNIQUES; RESEARCH TOPICS; SIGNATURE-BASED APPROACH;

INTRUSION DETECTION;

EID: 84866355973     PISSN: 00457906     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.compeleceng.2012.05.013     Document Type: Article

References (72)

1. M. Roesch SNORT - lightweight intrusion detection for networks Proceedings of the 13th USENIX conference on system administration, LISA '990 1999 USENIX Association Berkeley, CA, USA 229 238
2. Kendall K. A database of computer attacks for the evaluation of intrusion detection systems. Master's thesis, AAI3006082; 1999.
3. A. Lazarevic, V. Kumar, and J. Srivastava Intrusion detection: a survey V. Kumar, J. Srivastava, A. Lazarevic, Managing cyber threats Massive computing vol. 5 2005 Springer US 19 78
4. B. Mukherjee, L. Heberlein, and K. Levitt Network intrusion detection Netw IEEE 8 1994 26 41
5. A. Patcha, and J.-M. Park Network anomaly detection with incomplete audit data Comput Netw 51 2007 3935 3955
6. Lindqvist U, Porras P. Detecting computer and network misuse through the production-based expert system toolset (P-BEST). In: Proceedings of the 1999 IEEE symposium on security and privacy; 1999. p. 146-61.
7. Porras PA, Neumann PG. EMERALD: event monitoring enabling responses to anomalous live disturbances. In: Proceedings of the 20th national information systems security conference; 1997. p. 353-65.
8. W. Lee, and S.J. Stolfo Data mining approaches for intrusion detection Proceedings of the 7th conference on USENIX security symposium vol. 7 1998 USENIX Association Berkeley, CA, USA 6
9. Cannady J. Artificial neural networks for misuse detection. In: National information systems security conference, Arlington, VA, USA; 1998. p. 368-381.
10. G. Liu, Z. Yi, and S. Yang A hierarchical intrusion detection model based on the PCA neural networks Neurocomputing 70 2007 1561 1568
11. P.A.R. Kumar, and S. Selvakumar Distributed denial of service attack detection using an ensemble of neural classifier Comput Commun 34 2011 1328 1341
12. I. Ahmad, A.B. Abdullah, and A.S. Alghamdi Artificial neural network approaches to intrusion detection: a review Proceedings of the 8th Wseas international conference on telecommunications and informatics 2009 World Scientific and Engineering Academy and Society (WSEAS) Stevens Point, Wisconsin, USA 200 205
13. Q. Xu, W. Pei, L. Yang, and Q. Zhao An intrusion detection approach based on understandable neural network trees Int J Comput Sci Netw Secur 6 2006 229 234
14. A. Abraham, and C. Grosan Evolving intrusion detection systems N. Nedjah, L. Mourelle, A. Abraham, Genetic systems programming Studies in computational intelligence vol. 13 2006 Springer Berlin/Heidelberg 57 79
15. Li W. Using genetic algorithm for network intrusion detection. In: Proceedings of the United States department of energy cyber security group 2004 training conference, Kansas City, Kansas, Department of Computer Science and Engineering, Mississippi State University, Mississippi State; 2004. p. 24-7.
16. Gong RH, Zulkernine M, Abolmaesumi P. A software implementation of a genetic algorithm based approach to network intrusion detection. In: International conference on software engineering, artificial intelligence, networking and parallel/distributed computing and international workshop on self-assembling wireless networks; 2005. p. 246-53.
17. Z. Bankovic, D. Stepanovic, S. Bojanic, and O. Nieto-Taladriz Improving network security using genetic algorithm approach Comput Electr Eng 33 2007 438 451
18. Vollmer T, Alves-Foss J, Manic M. Autonomous rule creation for intrusion detection. In: IEEE Symposium on computational intelligence in cyber security (CICS); 2011. p. 1-8.
19. J. Gomez, and D. Dasgupta Evolving fuzzy classifiers for intrusion detection Proceedings of the 2002 IEEE workshop on information assurance 2002 IEEE Computer Press New York
20. Bridges S, Vaughn R. Fuzzy data mining and genetic algorithms applied to intrusion detection. In: Proceedings of the 23rd national information systems security conference, Citeseer, held in Baltimore, MA; 2000. p. 13-31.
21. Chen C, Mabu S, Yue C, Shimada K, Hirasawa K. Analysis of fuzzy class association rule mining based on genetic network programming. In: ICCAS-SICE; 2009. p. 3480-4.
22. M.S. Abadeh, H. Mohamadi, and J. Habibi Design and analysis of genetic fuzzy systems for intrusion detection in computer networks Expert Syst Appl 38 2011 7067 7075
23. Luo J. Integrating fuzzy logic with data mining methods for intrusion detection. Master's thesis, Department of Computer Science, Mississippi State University; 1999.
24. Florez G, Bridges S, Vaughn R. An improved algorithm for fuzzy data mining for intrusion detection. In: Fuzzy information processing society. Proceedings. NAFIPS. 2002 Annual meeting of the North American; 2002. p. 457-62.
25. Ye N, Li X, Emran S. Decision tree for signature recognition and state classification. In: Proceedings of IEEE systems, man and cybernetics information assurance and security workshop; 2000.
26. Mukkamala S, Janoski G, Sung A. Intrusion detection using neural networks and support vector machines. In: Proceedings of the international joint conference on neural networks, IJCNN '02, vol. 2; 2002. p. 1702-7.
27. Sung A, Mukkamala S. Identifying important features for intrusion detection using support vector machines and neural networks. In: Proceedings of 2003 symposium on applications and the internet; 2003. p. 209-16.
28. E. Bonabeau, M. Dorigo, and G. Theraulaz Swarm intelligence: from natural to artificial systems 1999 Oxford University Press, Inc. New York, NY, USA
29. V. Ramos, and A. Abraham ANTIDS: self organized ant-based clustering model for intrusion detection system A. Abraham, Y. Dote, T. Furuhashi, M. Koppen, A. Ohuchi, Y. Ohsawa, Soft computing as transdisciplinary science and technology Advances in intelligent and soft computing vol. 29 2005 Springer Berlin/Heidelberg 977 986
30. Banerjee S, Grosan C, Abraham A. IDEAS: Intrusion detection based on emotional ants for sensors. In: International conference on intelligent systems design and applications; 2005. p. 344-9.
31. J. He, D. Long, and C. Chen An improved ant-based classifier for intrusion detection Int Conf Nat Comput 4 2007 819 823
32. C. Guolong, C. Qingliang, and G. Wenzhong A PSO-based approach to rule learning in network intrusion detection B.-Y. Cao, Fuzzy information and engineering Advances in intelligent and soft computing vol. 40 2007 Springer Berlin/Heidelberg 666 673
33. J. Kittler, M. Hatef, R.P.W. Duin, and J. Matas On combining classifiers IEEE Trans Pattern Anal Mach Intell 20 1998 226 239
34. G. Giacinto, F. Roli, and L. Didaci Fusion of multiple classifiers for intrusion detection in computer networks Pattern Recognit Lett 24 2003 1795 1803
35. S. Staniford, J.A. Hoagland, and J.M. McAlerney Practical automated detection of stealthy portscans J Comput Secur 10 2002 105 136
36. A. Lakhina, K. Papagiannaki, M. Crovella, C. Diot, E.D. Kolaczyk, and N. Taft Structural analysis of network traffic flows Proceedings of the joint international conference on measurement and modeling of computer systems SIGMETRICS '04/Performance '04 2004 ACM New York, NY, USA 61 72
37. Y. Gu, A. McCallum, and D. Towsley Detecting anomalies in network traffic using maximum entropy estimation Proceedings of the 5th ACM SIGCOMM conference on internet measurement, IMC '05 2005 USENIX Association Berkeley, CA, USA 32
38. M.V. Mahoney, and P.K. Chan Learning nonstationary models of normal network traffic for detecting novel attacks Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining KDD '02 2002 ACM New York, NY, USA 376 385
39. Mahoney MV, Chan PK. PHAD: packet header anomaly detection for identifying hostile network traffic. Technical report CS-2001-4 2004. Florida Institute of Technology; 2001.
40. Mahoney MV. Detecting novel attacks by identifying anomalous network packet headers. Technical report CS-2001-2. Florida Institute of Technology; 2001.
41. Mahoney M, Chan P. Learning models of network traffic for detecting novel attacks. Technical report CS-2002-08. Florida Institute of Technology; 2002.
42. W. Cohen Fast effective rule induction Proceedings of the 12th international conference on machine learning 1995 Morgan Kaufman 115 123
43. Portnoy L, Eskin E, Stolfo S. Intrusion detection with unlabeled data using clustering. In: Proceedings of ACM CSS workshop on data mining applied to security, Philadelphia, PA.
44. V. Chandola, A. Banerjee, and V. Kumar Anomaly detection: a survey ACM Comput Surv 41 2009 15:1 15:58
45. Lazarevic A, Ertöz L, Kumar V, Ozgur A, Srivastava J. A comparative study of anomaly detection schemes in network intrusion detection. In: Proceedings of the third SIAM international conference on data mining.
46. Ertöz L, Eilertson E, Lazarevic A, Tan PN, Kumar V, Srivastava J, et al. MINDS - minnesota intrusion detection system. MIT Press; 2004.
47. M.-Y. Su Using clustering to improve the knn-based classifiers for online anomaly network traffic identification J Netw Comput Appl 34 2011 722 730
48. F. Wang, Y. Qian, Y. Dai, and Z. Wang A model based on hybrid support vector machine and self-organizing map for anomaly detection Int Conf Commun Mobile Comput 1 2010 97 101
49. E. Eskin, A. Arnold, M. Prerau, L. Portnoy, and S. Stolfo A geometric framework for unsupervised anomaly detection D. Barbara, S. Jajodia, Advances in information security 2002 Springer
50. G. Giacinto, R. Perdisci, M. Del Rio, and F. Roli Intrusion detection in computer networks by a modular ensemble of one-class classifiers Inform Fusion 9 2008 69 82
51. M. Rehak, M. Pechoucek, M. Grill, J. Stiborek, K. Bartos, and P. Celeda Adaptive multiagent system for network traffic monitoring Intell Syst IEEE 24 2009 16 25
52. J. Sabater, and C. Sierra Review on computational trust and reputation models Artif Intell Rev 24 2005 33 60
53. V. Paxson Bro: a system for detecting network intruders in real-time Comput Netw 31 1999 2435 2463
54. Suricata. Suricata intrusion detection system; 2011.
55. Gomez J, Dasgupta D, Nasraoui O, Gonzalez F. Complete expression trees for evolving fuzzy classifier systems with genetic algorithms and application to network intrusion detection. In: Proceedings NAFIPS fuzzy information processing society 2002 annual meeting of the North American. p. 469-74.
56. Porras P, Valdes A. Live traffic analysis of TCP/IP gateways. In: Internet society symposium on network and distributed system security, San Diego.
57. H. Fowler, and W. Leland Local area network characteristics, with implications for broadband network congestion management IEEE J Select Areas Commun 9 1991 1139 1149
58. Mahoney M, Chan P. Learning rules for anomaly detection of hostile network traffic. In: Third IEEE international conference on data mining. ICDM 2003; 2003. p. 601-4.
59. A. Lakhina, M. Crovella, and C. Diot Mining anomalies using traffic feature distributions SIGCOMM Comput Commun Rev 35 2005 217 228
60. A. Lakhina, M. Crovella, and C. Diot Diagnosing network-wide traffic anomalies SIGCOMM Comput Commun Rev 34 2004 219 230
61. C. Callegari, L. Gazzarrini, S. Giordano, M. Pagano, and T. Pepe Detecting network anomalies in backbone networks S. Jha, R. Sommer, C. Kreibich, Recent advances in intrusion detection Lecture notes in computer science vol. 6307 2010 Springer Berlin/Heidelberg 490 491
62. M.A. AydIn, A.H. Zaim, and K.G. Ceylan A hybrid intrusion detection system design for computer network security Comput Electr Eng 35 2009 517 526
63. K. Hwang, M. Cai, Y. Chen, and M. Qin Hybrid intrusion detection with weighted signature generation over anomalous internet episodes IEEE Trans Depend Secure Comput 4 2007 41 55
64. G. Gu, R. Perdisci, J. Zhang, and W. Lee Botminer: clustering analysis of network traffic for protocol- and structure-independent botnet detection Proceedings of the 17th conference on Security symposium, USENIX 2008 USENIX Association Berkeley, CA, USA 139 154
65. L. Shoemaker, and L.O. Hall Anomaly detection using ensembles Proceedings of the 10th international conference on Multiple classifier systems MCS'11 2011 Springer-Verlag Berlin, Heidelberg 6 15
66. P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fernandez, and E. Vazquez Anomaly-based network intrusion detection: techniques, systems and challenges Comput Secur 28 2009 18 28
67. S. Mehdi, J. Khalid, and S. Khayam Revisiting traffic anomaly detection using software defined networking R. Sommer, D. Balzarotti, G. Maier, Recent advances in intrusion detection Lecture notes in computer science vol. 6961 2011 Springer Berlin/Heidelberg 161 180
68. R.P. Lippmann, and R.K. Cunningham Improving intrusion detection performance using keyword selection and neural networks Comput Netw 34 2000 597 603
69. R. Lippmann, J.W. Haines, D.J. Fried, J. Korba, and K. Das The 1999 darpa off-line intrusion detection evaluation Comput Netw 34 2000 579 595
70. D. Zagar, K. Grgic, and S. Rimac-Drlje Security aspects in ipv6 networks - implementation and testing Comput Electr Eng 33 2007 425 437
71. C. Wright, C. Connelly, T. Braje, J. Rabek, L. Rossey, and R. Cunningham Generating client workloads and high-fidelity network traffic for controllable, repeatable experiments in computer security S. Jha, R. Sommer, C. Kreibich, Recent advances in intrusion detection Lecture notes in computer science vol. 6307 2010 Springer Berlin/Heidelberg 218 237
72. A. Shiravi, H. Shiravi, M. Tavallaee, and A.A. Ghorbani Toward developing a systematic approach to generate benchmark datasets for intrusion detection Comput Secur 31 2012 357 374