Browsing by Author "Parish, David J."
Now showing 1 - 5 of 5
Results Per Page
Sort Options
Item Open Access Adding Contextual Information to Intrusion Detection Systems Using Fuzzy Cognitive Maps(IEEE, 2016-06-23) Aparicio-Navarro, Francisco J.; Kyriakopoulos, Kyriakos; Parish, David J.; Chambers, Jonathon A.In the last few years there has been considerable increase in the efficiency of Intrusion Detection Systems (IDSs). However, networks are still the victim of attacks. As the complexity of these attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of IDSs should be designed incorporating reasoning engines supported by contextual information about the network, cognitive information and situational awareness to improve their detection results. In this paper, we propose the use of a Fuzzy Cognitive Map (FCM) in conjunction with an IDS to incorporate contextual information into the detection process. We have evaluated the use of FCMs to adjust the Basic Probability Assignment (BPA) values defined prior to the data fusion process, which is crucial for the IDS that we have developed. The experimental results that we present verify that FCMs can improve the efficiency of our IDS by reducing the number of false alarms, while not affecting the number of correct detections.Item Open Access Automatic Dataset Labelling and Feature Selection for Intrusion Detection Systems(IEEE, 2014-11-20) Aparicio-Navarro, Francisco J.; Kyriakopoulos, Konstantinos; Parish, David J.Correctly labelled datasets are commonly required. Three particular scenarios are highlighted, which showcase this need. When using supervised Intrusion Detection Systems (IDSs), these systems need labelled datasets to be trained. Also, the real nature of the analysed datasets must be known when evaluating the efficiency of the IDSs when detecting intrusions. Another scenario is the use of feature selection that works only if the processed datasets are labelled. In normal conditions, collecting labelled datasets from real networks is impossible. Currently, datasets are mainly labelled by implementing off-line forensic analysis, which is impractical because it does not allow real-time implementation. We have developed a novel approach to automatically generate labelled network traffic datasets using an unsupervised anomaly based IDS. The resulting labelled datasets are subsets of the original unlabelled datasets. The labelled dataset is then processed using a Genetic Algorithm (GA) based approach, which performs the task of feature selection. The GA has been implemented to automatically provide the set of metrics that generate the most appropriate intrusion detection results.Item Open Access A Data Fusion Technique to Detect Wireless Network Virtual Jamming Attacks(IEEE, 2015-11-12) Escudero-Andreu, G.; Kyriakopoulos, Konstantinos; Aparicio-Navarro, Francisco J.; Parish, David J.; Santoro, D.; Vadursi, M.Wireless communications are potentially exposed to jamming due to the openness of the medium and, in particular, to virtual jamming, which allows more energy-efficient attacks. In this paper we tackle the problem of virtual jamming attacks on IEEE 802.11 networks and present a data fusion solution for the detection of a type of virtual jamming attack (namely, NAV attacks), based on the real-time monitoring of a set of metrics. The detection performance is evaluated in a number of real scenarios.Item Open Access Using Pattern-of-Life as Contextual Information for Anomaly-based Intrusion Detection Systems(IEEE, 2017-10-20) Aparicio-Navarro, Francisco J.; Kyriakopoulos, Konstantinos; Gong, Yu; Parish, David J.; Chambers, Jonathon A.As the complexity of cyber-attacks keeps increasing, new robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measurable network traffic, but also on the available highlevel information related to the protected network. To this end, we make use of the Pattern-of-Life (PoL) of a computer network as the main source of high-level information. We propose two novel approaches that make use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. There are four main aims of the work. First, to evaluate the efficiency of the proposed approaches in identifying the presence of attacks. Second, to identify which of the proposed approaches to integrate an FCM into the IDS framework produces the best results. Third, to identify which of the metrics used in the design of the FCM produces the best detection results. Fourth, to evidence the improved detection performance that contextual information can offer in IDSs. The results that we present verify that the proposed approaches improve the effectiveness of our IDS by reducing the total number of false alarms; providing almost perfect detection rate (i.e., 99.76%) and only 6.33% false positive rate, depending on the particular metric combination.Item Open Access Using the Pattern-of-Life in Networks to Improve the Effectiveness of Intrusion Detection Systems(IEEE, 2017-07-31) Aparicio-Navarro, Francisco J.; Chambers, Jonathon A.; Kyriakopoulos, Konstantinos; Gong, Yu; Parish, David J.As the complexity of cyber-attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measureable network traffic, but also on the available high- level information related to the protected network to improve their detection results. We make use of the Pattern-of-Life (PoL) of a network as the main source of high-level information, which is correlated with the time of the day and the usage of the network resources. We propose the use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. The main aim of this work is to evidence the improved the detection performance of an IDS using an FCM to leverage on network related contextual information. The results that we present verify that the proposed method improves the effectiveness of our IDS by reducing the total number of false alarms; providing an improvement of 9.68% when all the considered metrics are combined and a peak improvement of up to 35.64%, depending on particular metric combination.