Adversarial communication networks modeling for intrusion detection strengthened against mimicry

Jorge Maestre Vidal, Marco Antonio Sotelo Monge

Research output: Chapter in book/report/conference proceeding > Article (conference contribution) > peer-reviewed

Abstract

The rapid evolution of the emerging communication landscape has prompted the rise of never-before-seen threats, thereby encouraging the development of more effective Network-based Intrusion Detection Systems (NIDS) able to recognize outlying behaviors. Despite the theoretical effectiveness of the existing state of the art, an in-depth review of the literature suggests that these systems must constantly adapt to changes in their operational environment and must avoid being evaded by mimicry methods. The latest threats attempt to hide malicious actions in a tangle of statistical features that simulate normal use of the protected network, thereby gaining a greater chance of avoiding the defensive actuators. To contribute to their mitigation, this paper introduces a novel intrusion detection strategy that is resistant to mimicry. The proposal builds models of network usage and, from them, analyzes the binary contents of the traffic payload looking for outlying patterns that may evidence malicious content. In contrast to most previous solutions, our approach moves beyond the traditional strengthening via randomization by scoring the similarity of a suspicious packet against both legitimate and previously built adversarial models. Its effectiveness was evaluated on the public datasets DARPA’99 and UCM 2011, where its ability to recognize attacks obfuscated by imitation was demonstrated.

Original language: English
Title of host publication: Proceedings of the 14th International Conference on Availability, Reliability and Security, ARES 2019
Publisher: Association for Computing Machinery
ISBN (electronic): 9781450371643
DOI
Status: Published - 26 Aug 2019
Published externally
Event: 14th International Conference on Availability, Reliability and Security, ARES 2019 - Canterbury, United Kingdom
Duration: 26 Aug 2019 - 29 Aug 2019

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 14th International Conference on Availability, Reliability and Security, ARES 2019
Country/Territory: United Kingdom
City: Canterbury
Period: 26/08/19 - 29/08/19
