Unexpected-Behavior Detection Using TopK Rankings for Cybersecurity
- Publication Date: Oct 17, 2019
- Identifiers
  - DOI: 10.3390/app9204381
  - OAI: oai:mdpi.com:/2076-3417/9/20/4381/
- Source: MDPI
- Language: English
- License: Green
Abstract
Anomaly-based intrusion detection systems use profiles to characterize expected behavior of network users. Most of these systems characterize the entire network traffic within a single profile. This work proposes a user-level anomaly-based intrusion detection methodology using only the user's network traffic. The proposed profile is a collection of TopK rankings of reached services by the user. To detect unexpected behaviors, the real-time traffic is organized into TopK rankings and compared to the profile using similarity measures. The experiments demonstrated that the proposed methodology was capable of detecting a particular kind of malware attack in all the users tested.
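The comparison the abstract describes can be sketched as follows; this is an added example, not code from the paper. The abstract does not name its similarity measures, so average overlap, k = 3, the 0.5 threshold, the function names and all traffic windows below are assumptions constructed for illustration.

```python
from collections import Counter

def topk(services, k=3):
    """Rank the services reached in one time window by connection count."""
    counts = Counter(services)
    # Descending count, then name, so ties are broken deterministically.
    return sorted(counts, key=lambda s: (-counts[s], s))[:k]

def average_overlap(a, b, k=3):
    """Rank-aware similarity in [0, 1]: mean set overlap at depths 1..k.
    Assumed measure; agreement near the top of the ranking weighs more."""
    total = 0.0
    for d in range(1, k + 1):
        total += len(set(a[:d]) & set(b[:d])) / d
    return total / k

def score(window_services, profile, k=3):
    """Best similarity between the live window's ranking and any profile ranking.
    An empty profile scores 0.0, so every window is treated as unexpected."""
    current = topk(window_services, k)
    return max((average_overlap(current, r, k) for r in profile), default=0.0)

def is_unexpected(window_services, profile, k=3, threshold=0.5):
    """Flag the window when no profile ranking is similar enough (assumed threshold)."""
    return score(window_services, profile, k) < threshold

# Constructed training windows for one user; a service is written proto/port.
TRAINING = [
    ["tcp/443"] * 40 + ["udp/53"] * 25 + ["tcp/993"] * 10 + ["tcp/80"] * 3,
    ["tcp/443"] * 35 + ["udp/53"] * 30 + ["tcp/80"] * 12 + ["tcp/993"] * 2,
]
PROFILE = [topk(w) for w in TRAINING]  # the per-user collection of TopK rankings

# Constructed live windows: ordinary use, then traffic dominated by
# services that never appear in this user's profile.
NORMAL = ["tcp/443"] * 28 + ["udp/53"] * 20 + ["tcp/993"] * 9
ODD = ["tcp/445"] * 60 + ["tcp/6667"] * 30 + ["tcp/443"] * 5 + ["udp/53"] * 4

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("odd", ODD)):
        print(name, topk(window), round(score(window, PROFILE), 3),
              "UNEXPECTED" if is_unexpected(window, PROFILE) else "ok")
```

Because the profile is built per user, the same live window can score as expected for one user and unexpected for another.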