Exploiting Content Spatial Distribution to Improve Detection of Intrusions-Reference-Cited by-同舟云学术

Exploiting Content Spatial Distribution to Improve Detection of Intrusions

Published:2018-05-31 Issue:2 Volume:18 Page:1-21
ISSN:1533-5399
Container-title:ACM Transactions on Internet Technology
language:en
Short-container-title:ACM Trans. Internet Technol.

Author:

Angiulli Fabrizio¹^ORCID,Argento Luciano¹,Furfaro Angelo¹

Affiliation:

1. University of Calabria, Rende(CS), Italy

Abstract

We present PCkAD, a novel semisupervised anomaly-based IDS (Intrusion Detection System) technique, detecting application-level content-based attacks. Its peculiarity is to learn legitimate payloads by splitting packets into chunks and determining the within-packet distribution of n-grams. This strategy is resistant to evasion techniques as blending. We prove that finding the right legitimate content is NP-hard in the presence of chunks. Moreover, it improves the false-positive rate for a given detection rate with respect to the case where the spatial information is not considered. Comparison with well-known IDSs using n-grams highlights that PCkAD achieves state-of-the-art performances.

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications

Link

https://dl.acm.org/doi/pdf/10.1145/3143422

Reference49 articles.

1. Brandie Anderson Sue Barsamian Dustin Childs Jason Ding Joy Marie Forsythe Brian Gorenc Angela Gunn Alexander Hoole Howard Miller Sasi Siddharth Muthurajan Yekaterina Tsipenyuk O’Neil John Park Oleg Petrovsky Barak Raz Nidhi Shah Vanja Svajcer Ken Tietjen and Jewel Timpe. 2016. Cyber Risk Report 2016. Technical Report. Hewlett Packard Enterprise. Brandie Anderson Sue Barsamian Dustin Childs Jason Ding Joy Marie Forsythe Brian Gorenc Angela Gunn Alexander Hoole Howard Miller Sasi Siddharth Muthurajan Yekaterina Tsipenyuk O’Neil John Park Oleg Petrovsky Barak Raz Nidhi Shah Vanja Svajcer Ken Tietjen and Jewel Timpe. 2016. Cyber Risk Report 2016. Technical Report. Hewlett Packard Enterprise.

2. Exploiting N-Gram Location for Intrusion Detection

3. Fabrizio Angiulli Luciano Argento and Angelo Furfaro. 2017. PCkAD source code. Retrieved from https://github.com/F3nDis/PCkAD. Fabrizio Angiulli Luciano Argento and Angelo Furfaro. 2017. PCkAD source code. Retrieved from https://github.com/F3nDis/PCkAD.

4. A Naive Bayes Approach for Detecting Coordinated Attacks

5. One-and-a-Half-Class Multiple Classifier Systems for Secure Learning Against Evasion Attacks at Test Time

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Evaluating Deep Packet Inspection in Large-scale Data Processing;2022 9th International Conference on Future Internet of Things and Cloud (FiCloud);2022-08

2. A Novel Hybrid Intrusion Detection Using Flow-Based Anomaly Detection and Cross-Layer Features in Wireless Sensor Network;Automatic Control and Computer Sciences;2020-01

3. Effectiveness of Content Spatial Distribution Analysis in Securing IoT Environments;2018 IEEE 6th International Conference on Future Internet of Things and Cloud (FiCloud);2018-08