Main document
Literature Database Entry
alkhateeb2021adaptive
Omar Alkhateeb, "Adaptive Anomaly Detection: Batch Learning," Master's Thesis, School of Electrical Engineering and Computer Science (EECS), TU Berlin (TUB), September 2021. (Advisor: Hossein Doroud; Referees: Falko Dressler and Thomas Sikora)
Abstract
Cyber-attacks are becoming more sophisticated and thereby presenting increasing challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade the credibility of security services, e.g., data confidentiality, integrity, and availability. Numerous intrusion detection methods have been proposed in the literature to tackle computer security threats. A firewall is well-known as the first layer of defense for a computer network. However, intruders developed new techniques to bypass firewalls and access computer networks during the last decades. As a result, researchers introduced an Intrusion Detection System (IDS) as an additional layer of defense to make the life of intruders more difficult. Intrusion Detection Systems can detect attacks using defined patterns in the traffic (Signature-based Intrusion Detection System) or deviations of the regular network traffic (Anomaly-based Intrusion Detection System). However, these approaches face some drawbacks; a change in the attack patterns makes Signature-based IDS blind in detecting attacks; the dynamic nature of the network traffic makes it difficult to define the normal profile of the network for Anomaly-based IDS. Therefore, I developed in this thesis an anomaly-based Lifelong Learning Intrusion Detection System (LL-IDS) with the help of Snort, which is the most well-known IDS. This anomaly detection system uses a lifelong machine learning algorithm to learn the normal traffic and a batch to retrain from its false positives. Three lifelong machine learning algorithms were chosen to be implemented separately in the IDS and compared on the UNSW-NB15 dataset using different metrics. The algorithm with the highest detection rate and the lowest classification time consumption was implemented with a subset of the feature set (selected by a feature selection algorithm) to compare it with Snort standalone. LL-IDS showed a better detection rate (61.99% precision and 83.40% recall) than Snort standalone (61.54% precision and 51.91% recall).
Quick access
Contact
Omar Alkhateeb
BibTeX reference
@phdthesis{alkhateeb2021adaptive,
author = {Alkhateeb, Omar},
title = {{Adaptive Anomaly Detection: Batch Learning}},
advisor = {Doroud, Hossein},
institution = {School of Electrical Engineering and Computer Science (EECS)},
location = {Berlin, Germany},
month = {9},
referee = {Dressler, Falko and Sikora, Thomas},
school = {TU Berlin (TUB)},
type = {Master's Thesis},
year = {2021},
}
Copyright notice
Links to final or draft versions of papers are presented here to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or distributed for commercial purposes without the explicit permission of the copyright holder.
The following applies to all papers listed above that have IEEE copyrights: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
The following applies to all papers listed above that are in submission to IEEE conference/workshop proceedings or journals: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.
The following applies to all papers listed above that have ACM copyrights: ACM COPYRIGHT NOTICE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM, Inc., fax +1 (212) 869-0481, or permissions@acm.org.
The following applies to all SpringerLink papers listed above that have Springer Science+Business Media copyrights: The original publication is available at www.springerlink.com.
This page was automatically generated using BibDB and bib2web.
Extras
Featured Paper
- V-Edge: Virtual Edge Computing as an Enabler for Novel Microservices
and Cooperative Computing
As we move from 5G to 6G, edge computing is one of the concepts that needs revisiting. In this position paper, we discuss a way forward, namely the virtual edge comput...
News
- May 05, 2022
Paper presentation at IEEE INFOCOM 2022
Gurjashan Pannu presented our paper titled "Vehicular Vir... - May 05, 2022
New IEEE Wireless Communications Magazine article
Our article "Data-driven Flight Control of Internet-of-Dr... - May 04, 2022
Distinguished Seminar at IMDEA
Falko Dressler gave a Distinguished Seminar talk "From Co... - April 30, 2022
Falko Dressler elected as Chair of Tactile Internet Technical Committee
Falko Dressler has (again) been elected as part of the Ta... - April 17, 2022
New IEEE Network article
Our article "V-Edge: Virtual Edge Computing as an Enabler...