Hurst parameter based anomaly detection for intrusion detection system

Song Jin Yu; Pauline Koh; Hyukmin Kwon; Dong Seong Kim; Huy Kang Kim

doi:10.1109/CIT.2016.98

Hurst parameter based anomaly detection for intrusion detection system

Song Jin Yu, Pauline Koh, Hyukmin Kwon, Dong Seong Kim, Huy Kang Kim

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

12 Citations (Scopus)

Abstract

Cyber-attack technologies have been evolved continuously. As a result, new attacks and their variants appearevery day. Also, intelligent and malicious attackers use varioustechniques to bypass the current signature and anomalydetection based intrusion detection systems. To detect thenew attacks more effectively, new anomaly detection modelis needed. In this paper, we propose a novel anomaly detectionmethod based on the self-similarity estimation of systems andnetworks. We primarily use the self-similarity property whichis characterized by the Hurst parameter. With the proposedmethod, we can detect network and system's anomaly statusby computing the change of self-similarity value. We evaluatedthe effectiveness and efficiency of our approach using the'1999 DARPA Intrusion Detection Evaluation dataset'. Also, we deployed the self-similarity based IDS in the real watergrid system.

Original language	English
Title of host publication	Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	234-240
Number of pages	7
ISBN (Electronic)	9781509043149
DOIs	https://doi.org/10.1109/CIT.2016.98
Publication status	Published - 2017 Mar 10
Event	16th IEEE International Conference on Computer and Information Technology, CIT 2016 - Nadi, Fiji Duration: 2016 Dec 7 → 2016 Dec 10

Publication series

Name	Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016

Other

Other	16th IEEE International Conference on Computer and Information Technology, CIT 2016
Country/Territory	Fiji
City	Nadi
Period	16/12/7 → 16/12/10

Keywords

Anomaly detection
Hurst parameter
Intrusion detection system

ASJC Scopus subject areas

Software
Computer Science Applications
Computer Networks and Communications
Information Systems
Safety, Risk, Reliability and Quality

Access to Document

10.1109/CIT.2016.98

Cite this

Yu, S. J., Koh, P., Kwon, H., Kim, D. S., & Kim, H. K. (2017). Hurst parameter based anomaly detection for intrusion detection system. In Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016 (pp. 234-240). [7876343] (Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CIT.2016.98

Hurst parameter based anomaly detection for intrusion detection system. / Yu, Song Jin; Koh, Pauline; Kwon, Hyukmin et al.
Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016. Institute of Electrical and Electronics Engineers Inc., 2017. p. 234-240 7876343 (Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yu, SJ, Koh, P, Kwon, H, Kim, DS & Kim, HK 2017, Hurst parameter based anomaly detection for intrusion detection system. in Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016., 7876343, Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016, Institute of Electrical and Electronics Engineers Inc., pp. 234-240, 16th IEEE International Conference on Computer and Information Technology, CIT 2016, Nadi, Fiji, 16/12/7. https://doi.org/10.1109/CIT.2016.98

Yu SJ, Koh P, Kwon H, Kim DS, Kim HK. Hurst parameter based anomaly detection for intrusion detection system. In Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016. Institute of Electrical and Electronics Engineers Inc. 2017. p. 234-240. 7876343. (Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016). doi: 10.1109/CIT.2016.98

Yu, Song Jin ; Koh, Pauline ; Kwon, Hyukmin et al. / Hurst parameter based anomaly detection for intrusion detection system. Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 234-240 (Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016).

@inproceedings{a5cca20eb0244f41854468d46a33fe74,

title = "Hurst parameter based anomaly detection for intrusion detection system",

abstract = "Cyber-attack technologies have been evolved continuously. As a result, new attacks and their variants appearevery day. Also, intelligent and malicious attackers use varioustechniques to bypass the current signature and anomalydetection based intrusion detection systems. To detect thenew attacks more effectively, new anomaly detection modelis needed. In this paper, we propose a novel anomaly detectionmethod based on the self-similarity estimation of systems andnetworks. We primarily use the self-similarity property whichis characterized by the Hurst parameter. With the proposedmethod, we can detect network and system's anomaly statusby computing the change of self-similarity value. We evaluatedthe effectiveness and efficiency of our approach using the'1999 DARPA Intrusion Detection Evaluation dataset'. Also, we deployed the self-similarity based IDS in the real watergrid system.",

keywords = "Anomaly detection, Hurst parameter, Intrusion detection system",

author = "Yu, {Song Jin} and Pauline Koh and Hyukmin Kwon and Kim, {Dong Seong} and Kim, {Huy Kang}",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 16th IEEE International Conference on Computer and Information Technology, CIT 2016 ; Conference date: 07-12-2016 Through 10-12-2016",

year = "2017",

month = mar,

day = "10",

doi = "10.1109/CIT.2016.98",

language = "English",

series = "Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "234--240",

booktitle = "Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016",

}

TY - GEN

T1 - Hurst parameter based anomaly detection for intrusion detection system

AU - Yu, Song Jin

AU - Koh, Pauline

AU - Kwon, Hyukmin

AU - Kim, Dong Seong

AU - Kim, Huy Kang

PY - 2017/3/10

Y1 - 2017/3/10

N2 - Cyber-attack technologies have been evolved continuously. As a result, new attacks and their variants appearevery day. Also, intelligent and malicious attackers use varioustechniques to bypass the current signature and anomalydetection based intrusion detection systems. To detect thenew attacks more effectively, new anomaly detection modelis needed. In this paper, we propose a novel anomaly detectionmethod based on the self-similarity estimation of systems andnetworks. We primarily use the self-similarity property whichis characterized by the Hurst parameter. With the proposedmethod, we can detect network and system's anomaly statusby computing the change of self-similarity value. We evaluatedthe effectiveness and efficiency of our approach using the'1999 DARPA Intrusion Detection Evaluation dataset'. Also, we deployed the self-similarity based IDS in the real watergrid system.

AB - Cyber-attack technologies have been evolved continuously. As a result, new attacks and their variants appearevery day. Also, intelligent and malicious attackers use varioustechniques to bypass the current signature and anomalydetection based intrusion detection systems. To detect thenew attacks more effectively, new anomaly detection modelis needed. In this paper, we propose a novel anomaly detectionmethod based on the self-similarity estimation of systems andnetworks. We primarily use the self-similarity property whichis characterized by the Hurst parameter. With the proposedmethod, we can detect network and system's anomaly statusby computing the change of self-similarity value. We evaluatedthe effectiveness and efficiency of our approach using the'1999 DARPA Intrusion Detection Evaluation dataset'. Also, we deployed the self-similarity based IDS in the real watergrid system.

KW - Anomaly detection

KW - Hurst parameter

KW - Intrusion detection system

UR - http://www.scopus.com/inward/record.url?scp=85017344534&partnerID=8YFLogxK

U2 - 10.1109/CIT.2016.98

DO - 10.1109/CIT.2016.98

M3 - Conference contribution

AN - SCOPUS:85017344534

T3 - Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016

SP - 234

EP - 240

BT - Proceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 16th IEEE International Conference on Computer and Information Technology, CIT 2016

Y2 - 7 December 2016 through 10 December 2016

ER -

Hurst parameter based anomaly detection for intrusion detection system

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this