A Novel Network user Behaviors and Profile Testing based on Anomaly Detection Techniques

Abstract

The proliferation of smart devices and computer networks has led to a huge rise in internet traffic and network attacks, which necessitates efficient network traffic monitoring. There have been many attempts to address these issues; however, agile detection solutions are still needed. This research work deals with the problem of malware infection, the detection of which is one of the most challenging tasks in modern computer security. In recent years, anomaly detection has been the first detection approach, followed by results from other classifiers. Anomaly detection methods are typically designed to model normal user behaviors and then look for deviations from this model. However, anomaly detection techniques may suffer from a variety of problems, including missing validations for verification and a large number of false positives. This work proposes and describes a new profile-based method for identifying anomalous changes in network user behaviors. Profiles describe user behaviors from different perspectives using different flags. Each profile is composed of information about what the user has done over a period of time. The symptoms extracted in the profile cover a wide range of user actions and try to analyze different actions. Compared to other symptom anomaly detectors, the profiles offer a higher level of user experience. The assumption is that anomalies can be found using high-level symptoms with fewer false positives while still effectively finding real attacks. The problem of obtaining truly tagged data for training anomaly detection algorithms has also been addressed in this work. Datasets were designed and created that contain real normal user actions while the user is infected with real malware. These datasets were used to train and evaluate anomaly detection algorithms. The investigated algorithms include, for example, local outlier factor (LOF) and one-class support vector machine (SVM).
The results show that the proposed anomaly-based and profile-based algorithm causes very few false positives and relatively high true positive detection. The two main contributions of this work are a new approach based on network anomaly detection and datasets containing a combination of genuine malware and actual user traffic. Finally, future directions will focus on applying the proposed approaches to protecting Internet of Things (IoT) devices.

Authors and Affiliations

Muhammad Tahir, MingChu Li, Xiao Zheng, Anil Carie, Xing Jin, Naeem Ayoub, Atif Wagan, Liaquat Ali Jamali, Muhammad Asif Imran, Zahid Hussain Hulio

  • EP ID EP596788
  • DOI 10.14569/IJACSA.2019.0100641

How To Cite

Muhammad Tahir, MingChu Li, Xiao Zheng, Anil Carie, Xing Jin, Naeem Ayoub, Atif Wagan, Liaquat Ali Jamali, Muhammad Asif Imran, Zahid Hussain Hulio (2019). A Novel Network user Behaviors and Profile Testing based on Anomaly Detection Techniques. International Journal of Advanced Computer Science & Applications, 10(6), 305-324. https://europub.co.uk/articles/-A-596788