Unexpected-Behavior Detection Using TopK Rankings for Cybersecurity

Authors
  • Parres-Peredo, Alvaro
  • Piza-Davila, Ivan
  • Cervantes, Francisco
Publication Date
Oct 17, 2019
Identifiers
DOI: 10.3390/app9204381
OAI: oai:mdpi.com:/2076-3417/9/20/4381/
Source
MDPI
Language
English
License
Green
Abstract

Anomaly-based intrusion detection systems use profiles to characterize expected behavior of network users. Most of these systems characterize the entire network traffic within a single profile. This work proposes a user-level anomaly-based intrusion detection methodology using only the user's network traffic. The proposed profile is a collection of TopK rankings of reached services by the user. To detect unexpected behaviors, the real-time traffic is organized into TopK rankings and compared to the profile using similarity measures. The experiments demonstrated that the proposed methodology was capable of detecting a particular kind of malware attack in all the users tested.
