-
A Novel Open Set Energy-based Flow Classifier for Network Intrusion Detection
Authors:
Manuela M. C. Souza,
Camila Pontes,
Joao Gondim,
Luis P. F. Garcia,
Luiz DaSilva,
Marcelo A. Marotta
Abstract:
Network intrusion detection systems (NIDS) are one of many solutions that make up a computer security system. Several machine learning-based NIDS have been proposed in recent years, but most of them were developed and evaluated under the assumption that the training context is similar to the test context. In real networks, this assumption is false, given the emergence of new attacks and variants of known attacks. To deal with this reality, the open set recognition field, which is the most general task of recognizing classes not seen during training in any domain, began to gain importance in NIDS research. Yet, existing solutions are often bounded to high temporal complexities and performance bottlenecks. In this work, we propose an algorithm to be used in NIDS that performs open set recognition. Our proposal is an adaptation of the single-class Energy-based Flow Classifier (EFC), which proved to be an algorithm with strong generalization capability and low computational cost. The new version of EFC correctly classifies not only known attacks, but also unknown ones, and differs from other proposals from the literature by presenting a single layer with low temporal complexity. Our proposal was evaluated against well-established multi-class algorithms and as an open set classifier. It proved to be an accurate classifier in both evaluations, similar to the state of the art. As a conclusion of our work, we consider EFC a promising algorithm to be used in NIDS for its high performance and applicability in real networks.
Submitted 26 April, 2022; v1 submitted 23 September, 2021;
originally announced September 2021.
-
Bot Development for Social Engineering Attacks on Twitter
Authors:
Jefferson Viana Fonseca Abreu,
Jorge Henrique Cabral Fernandes,
João José Costa Gondim,
Célia Ghedini Ralha
Abstract:
A series of bots performing simulated social engineering attacks using phishing on the Twitter platform was developed to identify potentially unsafe user behavior. In this work different bot versions were developed to collect feedback data after stimuli directed to 1,287 Twitter accounts for 38 consecutive days. The results were not conclusive about the existence of preceptors for unsafe behavior, but we conclude that despite Twitter's security this kind of attack is still feasible.
Submitted 23 July, 2020;
originally announced July 2020.
-
A new method for flow-based network intrusion detection using the inverse Potts model
Authors:
Camila Pontes,
Manuela Souza,
João Gondim,
Matt Bishop,
Marcelo Marotta
Abstract:
Network Intrusion Detection Systems (NIDS) play an important role as tools for identifying potential network threats. In the context of ever-increasing traffic volume on computer networks, flow-based NIDS arise as good solutions for real-time traffic classification. In recent years, different flow-based classifiers have been proposed using Machine Learning (ML) algorithms. Nevertheless, classical ML-based classifiers have some limitations. For instance, they require large amounts of labeled data for training, which might be difficult to obtain. Additionally, most ML-based classifiers are not capable of domain adaptation, i.e., after being trained on a specific data distribution, they are not general enough to be applied to other related data distributions. And, finally, many of the models inferred by these algorithms are black boxes, which do not provide explainable results. To overcome these limitations, we propose a new algorithm, called Energy-based Flow Classifier (EFC). This anomaly-based classifier uses inverse statistics to infer a statistical model based on labeled benign examples. We show that EFC is capable of accurately performing binary flow classification and is more adaptable to different data distributions than classical ML-based classifiers. Given the positive results obtained on three different datasets (CIDDS-001, CICIDS17 and CICDDoS19), we consider EFC to be a promising algorithm to perform robust flow-based traffic classification.
Submitted 23 September, 2021; v1 submitted 16 October, 2019;
originally announced October 2019.