Everyday advancements in technology brings with it novel challenges and threats. Such advancement imposes greater risks than ever on systems and services, including individual privacy information. Relying on intrusion specialists to come up with new signatures to detect different types of new attacks, does not seem to scale with excessive traffic growth. Therefore, anomaly-based detection provides a promising solution for this problem area.
Anomaly-based IDS applies machine learning, data mining and/or artificial intelligence along with many other methods to solve this problem. Currently, these solutions seem not to be tractable for real production environments due to the high false alarms rate. This might be a result of such systems not being able to determine the point at which an update is required. It is not clear how detection models will behave over time, when traffic behaviour has changed since the last time the model was re-generated.
Therefore, this research attempts to address the effect of the network traffic changes on the detection model over time. This evaluation is expected to reveal a link between these changes and possible degradation of detection capabilities of the trained models. This link might be quantified by metrics which will be used as a monitoring tool to assess these models over time. The findings of this research will provide the research community with a line of research to adopt in future work; to develop anomaly-based IDS that will be efficient and accurate in real life environments.
The progress of this research has resulted so far in providing much evidence on the unsuitability of a well-known dataset (KDD 1999) for such research. It also has resulted in a generation of a new dataset -derived from UNB ISCX 2012 dataset- that will be helpful for the researchers in this field.
- When: 1st June 2017 13:00 - 14:00
- Where: Cole 1.33b
- Series: Systems Seminars Series
- Format: Seminar