SuperB: Superior Behavior-based Anomaly Detection Defining Authorized Users' Traffic Patterns
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Karasek, Daniel Y. | - |
dc.contributor.author | Kim, Jeehyeong | - |
dc.contributor.author | Kemmoe, Victor Youdom | - |
dc.contributor.author | Bhuiyan, Md Zakirul Alam | - |
dc.contributor.author | Cho, Sunghyun | - |
dc.contributor.author | Son, Junggab | - |
dc.date.accessioned | 2023-12-12T12:30:33Z | - |
dc.date.available | 2023-12-12T12:30:33Z | - |
dc.date.issued | 2020-09 | - |
dc.identifier.issn | 1095-2055 | - |
dc.identifier.uri | https://scholarworks.bwise.kr/erica/handle/2021.sw.erica/116311 | - |
dc.description.abstract | Network anomalies are correlated to activities that deviate from regular behavior patterns in a network, and they are undetectable until their actions are defined as malicious. Current work in network anomaly detection includes network-based and host-based intrusion detection systems. However, most of them suffer from high false detection rates due to the base rate fallacy. To overcome such a drawback, this paper proposes a superior behavior-based anomaly detection system (SuperB) that defines legitimate network behaviors of authorized users in order to identify unauthorized accesses. We define the network behaviors of the authorized users by training the proposed deep learning model with time-series data extracted from network packets of each of the users. Then, the trained model is used to classify all other behaviors (we define these as anomalies) from the defined legitimate behaviors. As a result, SuperB effectively detects all anomalies of network behaviors. Our simulation results show that the proposed algorithm needs at least five end-to-end conversations to achieve over 95% accuracy and over 93% recall rate. Some simulations show 100% accuracy and recall rate. Our simulations use live network data combined with the CICIDS2017 data set. The performance has an average of less than 1.1% false-positive rate with some simulations showing 0%. The execution time to process each conversation is 85.20 +/- 0.60 milliseconds (ms), and thus it takes about only 426 ms to process five conversations to identify anomaly. | - |
dc.format.extent | 9 | - |
dc.language | English | - |
dc.language.iso | ENG | - |
dc.publisher | IEEE | - |
dc.title | SuperB: Superior Behavior-based Anomaly Detection Defining Authorized Users' Traffic Patterns | - |
dc.type | Article | - |
dc.publisher.location | United States | - |
dc.identifier.doi | 10.1109/ICCCN49398.2020.9209657 | - |
dc.identifier.scopusid | 2-s2.0-85093858761 | - |
dc.identifier.wosid | 000627816700051 | - |
dc.identifier.bibliographicCitation | 2020 29th International Conference on Computer Communications and Networks (ICCCN), v.2020-August, pp 1 - 9 | - |
dc.citation.title | 2020 29th International Conference on Computer Communications and Networks (ICCCN) | - |
dc.citation.volume | 2020-August | - |
dc.citation.startPage | 1 | - |
dc.citation.endPage | 9 | - |
dc.type.docType | Proceedings Paper | - |
dc.description.isOpenAccess | N | - |
dc.description.journalRegisteredClass | sci | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Telecommunications | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Hardware & Architecture | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.relation.journalWebOfScienceCategory | Telecommunications | - |
dc.subject.keywordAuthor | Anomaly Detection | - |
dc.subject.keywordAuthor | Network Anomaly | - |
dc.subject.keywordAuthor | Deep Learning | - |
dc.subject.keywordAuthor | Classification | - |
dc.subject.keywordAuthor | Behavior identification | - |
dc.identifier.url | https://ieeexplore.ieee.org/document/9209657?arnumber=9209657&SID=EBSCO:edseee | - |