Skip to main content
SpringerLink
Log in

A Survey on the Use of Data Points in IDS Research

  • Conference paper
  • First Online:
Proceedings of the Tenth International Conference on Soft Computing and Pattern Recognition (SoCPaR 2018) (SoCPaR 2018)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 942))

Included in the following conference series:

Abstract

In today’s diverse cyber threat landscape, anomaly-based intrusion detection systems that learn the normal behavior of a system and have the ability to detect previously unknown attacks are needed. However, the data gathered by the intrusion detection system is useless if we do not form reasonable data points for machine learning methods to work, based on the collected data sets. In this paper, we present a survey on data points used in previous research in the context of anomaly-based IDS research. We also introduce a novel categorization of the features used to form these data points.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Al-Jarrah, O., Arafat, A.: Network intrusion detection system using attack behavior classification. In: 5th International Conference on Information and Communication Systems (ICICS), pp. 1–6. IEEE (2014)

    Google Scholar 

  2. Alanazi, H., Noor, R., Zaidan, B., Zaidan, A.: Intrusion detection system: overview. arXiv preprint arXiv:1002.4047 (2010)

  3. Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Network anomaly detection: methods, systems and tools. IEEE Commun. Surv. Tutor. 16(1), 303–336 (2014)

    Article  Google Scholar 

  4. Erman, J., Mahanti, A., Arlitt, M.: Qrp05-4: Internet traffic identification using machine learning. In: 2006 Global Telecommunications Conference, GLOBECOM 2006, pp. 1–6. IEEE (2006)

    Google Scholar 

  5. Estan, C., Savage, S., Varghese, G.: Automatically inferring patterns of resource consumption in network traffic. In: Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 137–148. ACM (2003)

    Google Scholar 

  6. Feroz, M.N., Mengel, S.: Phishing URL detection using URL ranking. In: 2015 IEEE International Congress on Big Data (BigData Congress), pp. 635–638. IEEE (2015)

    Google Scholar 

  7. Garcia-Teodoro, P., Diaz-Verdejo, J., Maciá-Fernández, G., Vázquez, E.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28(1–2), 18–28 (2009)

    Article  Google Scholar 

  8. Gonzalez, R., Manco, F., Garcia-Duran, A., Mendes, J., Huici, F., Niccolini, S., Niepert, M.: Net2Vec: deep learning for the network. In: Proceedings of the Workshop on Big Data Analytics and Machine Learning for Data Communication Networks, pp. 13–18. ACM (2017)

    Google Scholar 

  9. Hammerschmidt, C., Marchal, S., State, R., Pellegrino, G., Verwer, S.: Efficient learning of communication profiles from IP flow records. In: 2016 41st Conference on Local Computer Networks (LCN), pp. 559–562. IEEE (2016)

    Google Scholar 

  10. Hotho, A., Maedche, A., Staab, S.: Ontology-based text document clustering. Künsliche Intelligenz (KI) 16(4), 48–54 (2002)

    Google Scholar 

  11. Kemmerer, R.A., Vigna, G.: Intrusion detection: a brief history and overview. Computer 35(4), supl27–supl30 (2002)

    Article  Google Scholar 

  12. Liu, Y., Li, W., Li, Y.C.: Network traffic classification using k-means clustering. In: 2007 Second International Multi-Symposiums on Computer and Computational Sciences, IMSCCS 2007, pp. 360–365. IEEE (2007)

    Google Scholar 

  13. Ma, J., Saul, L.K., Savage, S., Voelker, G.M.: Beyond blacklists: learning to detect malicious web sites from suspicious URLs. In: Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1245–1254. ACM (2009)

    Google Scholar 

  14. Magdalinos, P., Barmpounakis, S., Spapis, P., Kaloxylos, A., Kyprianidis, G., Kousaridas, A., Alonistioti, N., Zhou, C.: A context extraction and profiling engine for 5G network resource mapping. Comput. Commun. 109, 184–201 (2017)

    Article  Google Scholar 

  15. Mahmood, A.N., Leckie, C., Udaya, P.: An efficient clustering scheme to exploit hierarchical data in network traffic analysis. IEEE Trans. Knowl. Data Eng. 20(6), 752–767 (2008)

    Article  Google Scholar 

  16. McGregor, A., Hall, M., Lorier, P., Brunskill, J.: Flow clustering using machine learning techniques. In: International Workshop on Passive and Active Network Measurement, pp. 205–214. Springer (2004)

    Google Scholar 

  17. Sarmadi, S., Li, M., Chellappan, S.: On the feasibility of profiling internet users based on volume and time of usage. In: 2017 9th Latin-American Conference on Communications (LATINCOM), pp. 1–6. IEEE (2017)

    Google Scholar 

  18. Shadi, K., Natarajan, P., Dovrolis, C.: Hierarchical IP flow clustering. In: Proceedings of the Workshop on Big Data Analytics and Machine Learning for Data Communication Networks, pp. 25–30. ACM (2017)

    Google Scholar 

  19. Singh, H.: Performance analysis of unsupervised machine learning techniques for network traffic classification. In: 2015 Fifth International Conference on Advanced Computing & Communication Technologies (ACCT), pp. 401–404. IEEE (2015)

    Google Scholar 

  20. Singh, R., Kumar, H., Singla, R.: An intrusion detection system using network traffic profiling and online sequential extreme learning machine. Expert Syst. Appl. 42(22), 8609–8624 (2015)

    Article  Google Scholar 

  21. Tsai, C.F., Hsu, Y.F., Lin, C.Y., Lin, W.Y.: Intrusion detection by machine learning: a review. Expert Syst. Appl. 36(10), 11994–12000 (2009)

    Article  Google Scholar 

  22. Valenti, S., Rossi, D., Dainotti, A., Pescapè, A., Finamore, A., Mellia, M.: Reviewing traffic classification. In: Data Traffic Monitoring and Analysis, pp. 123–147. Springer (2013)

    Google Scholar 

  23. Wang, C., Song, Y., El-Kishky, A., Roth, D., Zhang, M., Han, J.: Incorporating world knowledge to document clustering via heterogeneous information networks. In: Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1215–1224. ACM (2015)

    Google Scholar 

  24. Wang, Y., Xiang, Y., Zhang, J., Zhou, W., Wei, G., Yang, L.T.: Internet traffic classification using constrained clustering. IEEE Trans. Parallel Distrib. Syst. 25(11), 2932–2943 (2014)

    Article  Google Scholar 

  25. Xu, K., Zhang, Z.L., Bhattacharyya, S.: Internet traffic behavior profiling for network security monitoring. IEEE/ACM Trans. Netw. 16(6), 1241–1252 (2008)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Turku, Turku, Finland

    Heini Ahde, Sampsa Rauti & Ville Leppanen

Authors
  1. Heini Ahde
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sampsa Rauti
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ville Leppanen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sampsa Rauti .

Editor information

Editors and Affiliations

  1. School of Engineering, Instituto Superior de Engenharia (ISEP/IPP), Porto, Portugal

    Ana Maria Madureira

  2. Machine Intelligence Research Labs (MIR), Auburn, WA, USA

    Ajith Abraham

  3. Machine Intelligence Research Labs (MIR Labs), Auburn, WA, USA

    Niketa Gandhi

  4. Politécnico de Leiria, Leiria, Portugal

    Catarina Silva

  5. Politécnico de Leiria, Leiria, Portugal

    Mário Antunes

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ahde, H., Rauti, S., Leppanen, V. (2020). A Survey on the Use of Data Points in IDS Research. In: Madureira, A., Abraham, A., Gandhi, N., Silva, C., Antunes, M. (eds) Proceedings of the Tenth International Conference on Soft Computing and Pattern Recognition (SoCPaR 2018). SoCPaR 2018. Advances in Intelligent Systems and Computing, vol 942. Springer, Cham. https://doi.org/10.1007/978-3-030-17065-3_33

Download citation

Publish with us

Policies and ethics

Search

Navigation