Anomaly-Based Intrusion Detection by Machine Learning: A Case Study on Probing Attacks to an Institutional Network

2021-01-01
Cyber attacks are a significant threat to organizations, with economic, reputational, and legal consequences. As cybercriminals' techniques grow more sophisticated, information security professionals face a greater challenge in protecting information systems. In today's interconnected realm of computer systems, each attack vector has a network dimension. The present study investigates network intrusion attempts with anomaly-based machine learning models, which aim to provide better protection than conventional misuse-based (signature) models. Two models, an ensemble learning model and a convolutional neural network (CNN) model, were built and applied to a data set gathered from a real-life institutional production environment. To demonstrate the models' reliability and validity, they were also applied to the UNSW-NB15 benchmark data set. The type of attack was limited to probing attacks to keep the scope of the study manageable. The findings revealed high accuracy rates, with the CNN model being slightly more accurate.
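The abstract contrasts anomaly-based detection of probing attacks with conventional misuse-based (signature) detection. The following Python example, added here and not taken from the paper (it does not reproduce the ensemble or CNN models), illustrates the distinction on constructed flow records: a baseline of per-source features (distinct destination ports, distinct destination hosts, empty-payload flows) is learned from benign hosts, and a source is flagged when its robust z-score against that baseline exceeds a threshold. The feature set, the median/MAD scoring, the 3.5 threshold, the host addresses and the "50 distinct ports" signature stand-in are all assumptions chosen for the illustration.

```python
"""Anomaly-based vs. threshold-signature detection of probing on constructed
flow records. Added illustration, not code from the paper or its models;
the features, baseline hosts, probe traffic and thresholds are assumptions."""
from collections import defaultdict
from statistics import median
from typing import Dict, Iterable, List, Tuple

Flow = Tuple[str, str, int, int]  # (src_ip, dst_ip, dst_port, payload_bytes)


def _flows(src: str, targets: Iterable[Tuple[str, int, int]]) -> List[Flow]:
    return [(src, dst, port, size) for dst, port, size in targets]


# Constructed baseline window: six internal clients talking to a few services.
BENIGN_FLOWS: List[Flow] = (
    _flows("10.0.0.11", [("10.0.1.5", 443, 1200), ("10.0.1.5", 80, 640),
                         ("10.0.1.8", 53, 80)])
    + _flows("10.0.0.12", [("10.0.1.5", 443, 900), ("10.0.1.5", 443, 1500)])
    + _flows("10.0.0.13", [("10.0.1.5", 443, 700), ("10.0.1.8", 53, 0),
                           ("10.0.1.8", 53, 90)])
    + _flows("10.0.0.14", [("10.0.1.5", 443, 300), ("10.0.1.5", 80, 400),
                           ("10.0.1.8", 53, 70), ("10.0.1.9", 22, 2000)])
    + _flows("10.0.0.15", [("10.0.1.5", 443, 1100), ("10.0.1.5", 80, 350)])
    + _flows("10.0.0.16", [("10.0.1.8", 443, 500), ("10.0.1.8", 53, 0)])
)

# Constructed test window: the same clients plus two low-and-slow probes, each
# far below a "many ports" signature threshold but unlike the baseline hosts.
VERTICAL_PROBE = _flows("10.0.0.99", [("10.0.1.5", p, 0) for p in
                        (21, 22, 23, 25, 80, 110, 139, 143, 443, 445, 3306, 3389)])
HORIZONTAL_PROBE = _flows("10.0.0.98", [(f"10.0.1.{i}", 445, 0) for i in range(10, 20)])
TEST_FLOWS: List[Flow] = BENIGN_FLOWS + VERTICAL_PROBE + HORIZONTAL_PROBE


def source_features(flows: Iterable[Flow]) -> Dict[str, Tuple[float, float, float]]:
    """Per source: distinct destination ports, distinct destination hosts, and
    the number of flows that carried no payload (a connect-and-drop pattern)."""
    ports, hosts, empty = defaultdict(set), defaultdict(set), defaultdict(int)
    for src, dst, port, size in flows:
        ports[src].add(port)
        hosts[src].add(dst)
        if size == 0:
            empty[src] += 1
    return {s: (float(len(ports[s])), float(len(hosts[s])), float(empty[s])) for s in ports}


def fit_baseline(benign: Iterable[Flow], floor: float = 1.0) -> List[Tuple[float, float]]:
    """Median and robust scale (1.4826 * MAD) per feature over the benign sources.
    The scale is floored so a feature that is constant in the baseline does not
    turn every deviation into an infinite score."""
    feats = list(source_features(benign).values())
    model = []
    for i in range(len(feats[0])):
        col = [f[i] for f in feats]
        med = median(col)
        mad = median(abs(v - med) for v in col)
        model.append((med, max(1.4826 * mad, floor)))
    return model


def anomaly_scores(flows: Iterable[Flow], model: List[Tuple[float, float]]) -> Dict[str, float]:
    """Robust z-score per feature; a source's score is its largest deviation."""
    return {src: max(abs(v - med) / scale for v, (med, scale) in zip(vec, model))
            for src, vec in source_features(flows).items()}


def anomaly_alerts(flows: Iterable[Flow], model: List[Tuple[float, float]],
                   threshold: float = 3.5) -> List[str]:
    return sorted(s for s, z in anomaly_scores(flows, model).items() if z > threshold)


def signature_alerts(flows: Iterable[Flow], max_ports: int = 50) -> List[str]:
    """Stand-in for a misuse-based rule: a fixed 'more than N distinct ports
    from one source' signature. Low-and-slow probes stay below it."""
    return sorted(s for s, (ports, _, _) in source_features(flows).items() if ports > max_ports)


if __name__ == "__main__":
    baseline = fit_baseline(BENIGN_FLOWS)
    for src, z in sorted(anomaly_scores(TEST_FLOWS, baseline).items()):
        print(f"{src:<10} score={z:5.1f}")
    print("anomaly alerts:  ", anomaly_alerts(TEST_FLOWS, baseline))
    print("signature alerts:", signature_alerts(TEST_FLOWS))
```

Both probes (one host, twelve ports; one port, ten hosts) score well above the threshold because the baseline hosts touch at most four ports and three destinations and almost never leave a connection empty, while the fixed port-count signature misses both. The flip side a practitioner should keep in mind is that the baseline must be built from traffic that is actually benign and re-fitted as the environment changes, otherwise the same scoring produces false alarms or silently absorbs an attacker's behaviour into "normal".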

Citation Formats
E. Tufan, C. Tezcan, and C. Acartürk, “Anomaly-Based Intrusion Detection by Machine Learning: A Case Study on Probing Attacks to an Institutional Network,” IEEE ACCESS, pp. 50078–50092, 2021, Accessed: 00, 2021. [Online]. Available: https://hdl.handle.net/11511/89925.