Nisioti, A., Mylonas, A., Yoo, P.D. and Katos, V., 2018. From Intrusion Detection to Attacker Attribution: A Comprehensive Survey of Unsupervised Methods. IEEE Communications Surveys and Tutorials, 20 (4), 3369-3388.
Full text available as:
- PDF (open access article): 08410366.pdf - Published Version, available under License Creative Commons Attribution. 2MB
- PDF ((c) 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses): IEEE COMST 18 - From_intrusion_detection_to_attribution_.pdf - Accepted Version, available under License Creative Commons Attribution Non-commercial No Derivatives. 1MB
Copyright to original material in this document is with the original owner(s). Access to this content through BURO is granted on condition that you use it only for research, scholarly or other non-commercial purposes. If you wish to use it for any other purposes, you must contact BU via BURO@bournemouth.ac.uk. Any third party copyright material in this document remains the property of its respective owner(s). BU grants no licence for further use of that third party material.
DOI: 10.1109/COMST.2018.2854724
Abstract
Over the last five years there has been an increase in the frequency and diversity of network attacks. This is borne out by the growing number of organisations that admit to compromises on a daily basis. Many misuse-based and anomaly-based Intrusion Detection Systems (IDSs) that rely on signatures, supervised methods or statistical methods have been proposed in the literature, but their trustworthiness is debatable. Moreover, as this work uncovers, current IDSs are based on obsolete attack classes that do not reflect current attack trends. For these reasons, this paper provides a comprehensive overview of unsupervised and hybrid methods for intrusion detection, discussing their potential in the domain. We also present and highlight the importance of feature engineering techniques that have been proposed for intrusion detection. Furthermore, we argue that current IDSs should evolve from simple detection to correlation and attribution. We discuss how IDS data could be used to reconstruct and correlate attacks in order to identify attackers, using advanced data analytics techniques. Finally, we argue how the present IDS attack classes can be extended to match modern attacks and propose three new classes concerning outgoing network communication.
| Item Type: | Article |
|---|---|
| ISSN: | 1553-877X |
| Uncontrolled Keywords: | Anomaly IDS; correlation and attribution; attack reconstruction; digital forensics; network forensics; data analytics; unsupervised learning; feature selection; intrusion detection; correlation; feature extraction; forensics; computer crime; telecommunication traffic; monitoring |
| Group: | Faculty of Science & Technology |
| ID Code: | 30985 |
| Deposited By: | Symplectic RT2 |
| Deposited On: | 16 Jul 2018 13:08 |
| Last Modified: | 14 Mar 2022 14:11 |