2021-02-23
Shah, A., Clachar, S., Minimair, M., Cook, D..  2020.  Building Multiclass Classification Baselines for Anomaly-based Network Intrusion Detection Systems. 2020 IEEE 7th International Conference on Data Science and Advanced Analytics (DSAA). :759–760.
This paper showcases multiclass classification baselines using different machine learning algorithms and neural networks for distinguishing legitimate network traffic from direct and obfuscated network intrusions. This research derives its baselines from Advanced Security Network Metrics & Tunneling Obfuscations dataset. The dataset captured legitimate and obfuscated malicious TCP communications on selected vulnerable network services. The multiclass classification NIDS is able to distinguish obfuscated and direct network intrusion with up to 95% accuracy.
2019-07-01
Almehmadi, Abdulaziz.  2018.  SCADA Networks Anomaly-based Intrusion Detection System. Proceedings of the 11th International Conference on Security of Information and Networks. :18:1–18:4.
Intentional attacks that cause country-wide blackouts and gas and water system malfunctions are actions that can be carried out by a nation to impact another nation as a means of war. Supervisory control and data acquisition (SCADA) networks that allow for communication for the utilities companies were designed with no security in mind, causing the systems that a nation relies on to fall vulnerable to exploitation. Since SCADA networks are static in nature with pre-defined signatures of network traffic, we propose to design an anomaly-based intrusion detection system to detect abnormality in SCADA network traffic and protocols. We gather normal SCADA network traffic via tapping on the network for 30 days and then attack the network using a Denial of Service (DoS) attack, a message spoofing attack and a man-in-the-middle attack. We then train a classifier with two classes, normal and abnormal, and report the classifier accuracy in detecting abnormal SCADA network traffic.
2015-05-05
Cam, H., Mouallem, P., Yilin Mo, Sinopoli, B., Nkrumah, B..  2014.  Modeling impact of attacks, recovery, and attackability conditions for situational awareness. Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), 2014 IEEE International Inter-Disciplinary Conference on. :181-187.

A distributed cyber control system comprises various types of assets, including sensors, intrusion detection systems, scanners, controllers, and actuators. The modeling and analysis of these components usually require multi-disciplinary approaches. This paper presents a modeling and dynamic analysis of a distributed cyber control system for situational awareness by taking advantage of control theory and time Petri nets. Linear time-invariant systems are used to model the target system, attacks, asset influences, and an anomaly-based intrusion detection system. Time Petri nets are used to model the impact and timing relationships of attacks, vulnerability, and recovery at every node. To characterize those distributed control systems that are perfectly attackable, algebraic and topological attackability conditions are derived. Numerical evaluation is performed to determine the impact of attacks on the distributed control system.
