Unsupervised Anomaly Detectors to Detect Intrusions in the Current Threat Landscape

12/21/2020
by Tommaso Zoppi, et al.

Anomaly detection aims at identifying unexpected fluctuations in the expected behavior of a given system. It is acknowledged as a reliable answer to the identification of zero-day attacks, to such an extent that several ML algorithms suited to binary classification have been proposed over the years. However, an experimental comparison of a wide pool of unsupervised algorithms for anomaly-based intrusion detection against a comprehensive set of attack datasets has not yet been carried out. To fill this gap, we exercise seventeen unsupervised anomaly detection algorithms on eleven attack datasets. The results allow us to elaborate on a wide range of arguments, from the behavior of the individual algorithms to the suitability of the datasets for anomaly detection. We conclude that algorithms such as Isolation Forests, One-Class Support Vector Machines and Self-Organizing Maps are more effective than their counterparts for intrusion detection, while clustering algorithms represent a good alternative due to their low computational complexity. Further, we detail how attacks with unstable, distributed or non-repeatable behavior, such as Fuzzing, Worms and Botnets, are more difficult to detect. Ultimately, we discuss the capability of the algorithms to detect anomalies generated by a wide pool of unknown attacks, showing that the achieved metric scores do not vary with respect to identifying single attacks.

