Abstract
Existing models and methods of intrusion detection are mostly aimed at detecting intensive attacks and do not take into account the security of computer system resources or the properties of information flows. This limits the ability to detect anomalies in computer systems and information flows in a timely manner. The latest monitoring and intrusion detection solutions must take into account self-similar and statistical traffic characteristics, deep packet analysis, and the time it takes to process the information. An analysis of the properties of traffic and of data collected at nodes and in the network was performed. Based on this analysis, the traffic parameters to be used as indicators for intrusion detection were selected. A method of intrusion detection based on statistical analysis of packets is described and simulated. A comparative analysis of binary classification of fractal time series by machine learning methods is performed. We consider classification using the example of detecting different types of attack in traffic realizations. Random forest with regression trees and a multilayer perceptron with periodic normalization were chosen as the classification methods. The experimental results showed the effectiveness of the proposed methods in detecting attacks and identifying their type. All methods showed high attack detection accuracy and low false positive rates.
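The abstract names self-similar traffic characteristics as an intrusion-detection indicator. The standard scalar measure of self-similarity is the Hurst exponent H, and the following example, added here and not code from the chapter or its authors, shows one way to turn it into a detection feature: per-second packet counts are split into windows, H is estimated for each window with the aggregated-variance (variance-time) method, and windows whose H leaves a baseline band are flagged. The sample traffic, the baseline band (0.35 to 0.75) and the window and block sizes are constructed assumptions, not values from the chapter.

```python
"""
Self-similarity (Hurst exponent) as an intrusion-detection indicator.
Added example, not the chapter's own code. Traffic is summarised as
per-second packet counts; H is estimated per window with the
aggregated-variance method and compared with an assumed baseline band.
H near 0.5 means short-range dependence only; H close to 1 means strongly
persistent (bursty, long-range dependent) traffic.
"""
import math
import random
from typing import List, Sequence, Tuple


def _mean(xs: Sequence[float]) -> float:
    return sum(xs) / len(xs)


def _sample_variance(xs: Sequence[float]) -> float:
    m = _mean(xs)
    return sum((x - m) ** 2 for x in xs) / (len(xs) - 1)


def _slope(xs: Sequence[float], ys: Sequence[float]) -> float:
    """Least-squares slope of ys regressed on xs."""
    mx, my = _mean(xs), _mean(ys)
    num = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    den = sum((x - mx) ** 2 for x in xs)
    return num / den


def hurst_aggregated_variance(series: Sequence[float],
                              block_sizes: Sequence[int] = (4, 8, 16, 32, 64)) -> float:
    """Variance-time estimate of H.

    For a self-similar process the variance of the block means X^(m) scales
    as m^(2H-2), so the slope of log Var(X^(m)) against log m equals 2H-2.
    """
    log_m: List[float] = []
    log_v: List[float] = []
    for m in block_sizes:
        n_blocks = len(series) // m
        if n_blocks < 8:           # too few blocks for a usable variance estimate
            continue
        block_means = [_mean(series[i * m:(i + 1) * m]) for i in range(n_blocks)]
        v = _sample_variance(block_means)
        if v <= 0.0:               # constant traffic carries no scaling information
            continue
        log_m.append(math.log(m))
        log_v.append(math.log(v))
    if len(log_m) < 2:
        raise ValueError("series too short for the chosen block sizes")
    return 1.0 + _slope(log_m, log_v) / 2.0


def classify_windows(series: Sequence[float], window: int = 1024,
                     baseline: Tuple[float, float] = (0.35, 0.75)
                     ) -> List[Tuple[int, float, str]]:
    """Label non-overlapping windows by whether H lies inside the baseline band.

    The band is an assumed operating range that would be learned from clean
    traffic; it is a placeholder, not a value taken from the chapter.
    """
    out: List[Tuple[int, float, str]] = []
    for start in range(0, len(series) - window + 1, window):
        h = hurst_aggregated_variance(series[start:start + window])
        verdict = "normal" if baseline[0] <= h <= baseline[1] else "anomalous"
        out.append((start, round(h, 3), verdict))
    return out


# --- constructed sample traffic (synthetic, not captured data) -------------

def synthetic_normal_traffic(n: int, seed: int = 1) -> List[int]:
    """Independent counts around 50 pkt/s: no long-range dependence (H ~ 0.5)."""
    rng = random.Random(seed)
    return [max(0, round(rng.gauss(50, 10))) for _ in range(n)]


def synthetic_persistent_traffic(n: int, seed: int = 2) -> List[int]:
    """Rate that drifts as a random walk: strongly persistent (H close to 1),
    a crude stand-in for the correlated bursts of flooding traffic."""
    rng = random.Random(seed)
    level, out = 500.0, []
    for _ in range(n):
        level += rng.gauss(0, 1)
        out.append(max(0, round(level + rng.gauss(0, 3))))
    return out


if __name__ == "__main__":
    for name, series in (("normal", synthetic_normal_traffic(4096)),
                         ("persistent", synthetic_persistent_traffic(4096))):
        print(name, "H =", round(hurst_aggregated_variance(series), 3))
        for start, h, verdict in classify_windows(series):
            print(f"  window@{start:5d}  H={h:.3f}  {verdict}")
```

In practice H alone is a weak feature; the chapter combines it with other statistical traffic parameters before feeding a random forest or a perceptron, and the baseline band would be learned per link rather than fixed, since legitimate traffic on busy links is itself self-similar with H well above 0.5.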
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Radivilova, T. et al. (2022). Statistical and Signature Analysis Methods of Intrusion Detection. In: Oliynykov, R., Kuznetsov, O., Lemeshko, O., Radivilova, T. (eds) Information Security Technologies in the Decentralized Distributed Networks. Lecture Notes on Data Engineering and Communications Technologies, vol 115. Springer, Cham. https://doi.org/10.1007/978-3-030-95161-0_5
DOI: https://doi.org/10.1007/978-3-030-95161-0_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-95160-3
Online ISBN: 978-3-030-95161-0
eBook Packages: Intelligent Technologies and Robotics (R0)