An iterative multiple sampling method for intrusion detection

Threats to network security increase with growing volumes and velocity of data across networks, and they present challenges not only to law enforcement agencies, but to businesses, families and individuals. The volume, velocity and veracity of shared data across networks entail accurate and reliable...

Full description

Saved in:
Bibliographic Details
Published in:Information security journal. 2018-07, Vol.27 (4), p.230-239
Main Authors: Mwitondi, Kassim S., Zargari, Shahrzad A.
Format: Article
Language:English
Subjects:
Algorithms
Business law
Cross-validation
cyber security
Cybersecurity
Data mining
dimensional reduction
Filtration
intrusion detection
Intrusion detection systems
Iterative methods
Law enforcement
Machine learning
Network security
principal component analysis
Scientific visualization
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Threats to network security increase with growing volumes and velocity of data across networks, and they present challenges not only to law enforcement agencies, but to businesses, families and individuals. The volume, velocity and veracity of shared data across networks entail accurate and reliable automated tools for filtering out useful from malicious, noisy or irrelevant data. While data mining and machine learning techniques have widely been adopted within the network security community, challenges and gaps in knowledge extraction from data have remained due to insufficient data sources on attacks on which to test the algorithms accuracy and reliability. We propose a data-flow adaptive approach to intrusion detection based on high-dimensional cyber-attacks data. The algorithm repeatedly takes random samples from an inherently bi-modal, high-dimensional dataset of 82,332 observations on 25 numeric and two categorical variables. Its main idea is to capture subtle information resulting from reduced data dimension of a large number of malicious flows and by iteratively estimating roles played by individual variables in construction of key components. Data visualization and numerical results provide a clear separation of a set of variables associated with attack types and show that component-dominating parameters are crucial in monitoring future attacks.
ISSN:1939-3555
1939-3547
DOI:10.1080/19393555.2018.1539790