research-article

Crook-sourced intrusion detection as a service

Published: 01 September 2021

Abstract

Most conventional cyber defenses strive to reject detected attacks as quickly and decisively as possible; however, this instinctive approach has the disadvantage of depriving intrusion detection systems (IDSes) of learning experiences and threat data that might otherwise be gleaned from deeper interactions with adversaries. For IDS technology to improve, a next-generation cyber defense is proposed in which cyber attacks are unconventionally reimagined as free sources of live IDS training data. Rather than aborting attacks against legitimate services, adversarial interactions are selectively prolonged to maximize the defender’s harvest of useful threat intelligence. Enhancing web services with deceptive attack-responses in this way is shown to be a powerful and practical strategy for improved detection, addressing several perennial challenges for machine learning-based IDS in the literature, including scarcity of training data, the high labeling burden for (semi-)supervised learning, encryption opacity, and concept differences between honeypot attacks and those against genuine services. By reconceptualizing software security patches as feature extraction engines, the approach conscripts attackers as free penetration testers, and coordinates multiple levels of the software stack to achieve fast, automatic, and accurate labeling of live web streams.
Prototype implementations are showcased for two feature set models to extract security-relevant network- and system-level features from cloud services hosting enterprise-grade web applications. The evaluation demonstrates that the extracted data can be fed back into a network-level IDS for exceptionally accurate, yet lightweight attack detection.

Published In

Journal of Information Security and Applications, Volume 61, Issue C
Sep 2021
602 pages

Publisher

Elsevier Science Inc.

United States

Author Tags

  1. Intrusion detection
  2. Datasets
  3. Neural networks
  4. Honeypots
  5. Cyberdeception
  6. Cloud computing
  7. Software-as-a-service

Qualifiers

  • Research-article
