
Threats Modeling and Anomaly Detection in the Behaviour of a System - A Review of Some Approaches

Book chapter. Part of the book series: Lecture Notes in Computer Science (TLDKS, volume 13410)

Abstract

With the rise of Big Data, cybersecurity is undergoing massive changes. Because of the sheer volume of data, it becomes harder and harder to detect anomalies, and therefore to devise techniques that automatically identify malicious behaviour, even though this is a crucial task. However, Big Data also enables new anomaly detection approaches based on data analysis, and in particular on machine learning and data mining. From this perspective, it becomes possible to propose solutions that are more flexible and better suited to constantly evolving threats. In this paper, our objective is first to give a general overview of the approaches currently used for anomaly detection in the context of cybersecurity, and then to implement and test several machine learning techniques for this task in order to compare their performance. Experiments were carried out on the CICIDS2017 dataset, using traditional anomaly detection techniques based on clustering (K-Means, EM clustering) and on classification (decision trees, SVM, neural networks).
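The abstract names K-Means clustering as one of the traditional anomaly detection techniques it evaluates on flow data. The block below is an added example, not code from the chapter or from the authors' repository: a from-scratch, standard-library-only K-Means (farthest-first seeding followed by Lloyd's updates) applied to a handful of constructed flow records whose columns merely resemble CICIDS2017-style flow features (the feature names, the sample values, the cluster-size fraction and the z-score threshold are all assumptions for illustration). It shows the two decision rules practitioners typically layer on top of clustering: a cluster that holds only a small fraction of the traffic is treated as suspect in its own right, and within a large cluster a flow far beyond the cluster's usual spread is flagged individually.

```python
"""Clustering-based anomaly detection over network-flow features.

Added example for this page, not the chapter's own code. K-Means is written
from scratch (farthest-first seeding, then Lloyd's iterations) so it runs
offline. The flow records below are constructed to look like CICIDS2017-style
flow features; they are not taken from the dataset, and the feature names,
min_fraction and z_threshold are illustrative assumptions.
"""
import math
from typing import List, Sequence, Set, Tuple

Vector = List[float]

# Constructed flows: (duration_s, fwd_packets, fwd_bytes, flows_per_src_per_min).
# Flows 0-9 resemble ordinary client traffic; flows 10 and 11 resemble a flood
# (one tiny packet per flow, hundreds of flows per minute from one source).
SAMPLE_FLOWS: List[Tuple[float, float, float, float]] = [
    (1.2, 12, 1800, 3), (0.8, 10, 1500, 4), (2.5, 20, 3200, 2),
    (1.0, 9, 1400, 3), (3.1, 25, 4100, 2), (0.5, 6, 900, 5),
    (1.8, 15, 2300, 3), (1.4, 11, 1700, 4), (2.2, 18, 2900, 2),
    (0.9, 8, 1200, 3),
    (0.01, 1, 60, 900), (0.02, 1, 60, 1200),
]


def standardize(rows: Sequence[Sequence[float]]) -> List[Vector]:
    """Z-score each column so byte counts do not swamp durations in distances."""
    cols = list(zip(*rows))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]  # constant column -> std 1, not 0
    return [[(v - m) / s for v, m, s in zip(row, means, stds)] for row in rows]


def _dist(a: Vector, b: Vector) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _mean(points: List[Vector]) -> Vector:
    return [sum(col) / len(points) for col in zip(*points)]


def kmeans(points: List[Vector], k: int, iters: int = 100) -> Tuple[List[Vector], List[int]]:
    """Deterministic K-Means: farthest-first seeding, then Lloyd's updates."""
    centroids = [points[0]]
    while len(centroids) < k:  # next seed = point farthest from all seeds so far
        centroids.append(max(points, key=lambda p: min(_dist(p, c) for c in centroids)))
    labels: List[int] = []
    for _ in range(iters):
        new_labels = [min(range(k), key=lambda j: _dist(p, centroids[j])) for p in points]
        if new_labels == labels:
            break  # assignments stable -> converged
        labels = new_labels
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:  # an emptied cluster keeps its previous centroid
                centroids[j] = _mean(members)
    return centroids, labels


def detect_anomalies(rows: Sequence[Sequence[float]], k: int = 2,
                     min_fraction: float = 0.25, z_threshold: float = 3.0
                     ) -> Tuple[List[int], List[float], Set[int]]:
    """Return (cluster labels, distance to own centroid, indices flagged anomalous)."""
    points = standardize(rows)
    centroids, labels = kmeans(points, k)
    dists = [_dist(p, centroids[lab]) for p, lab in zip(points, labels)]
    n = len(points)
    flagged: Set[int] = set()
    for j in range(k):
        idx = [i for i in range(n) if labels[i] == j]
        if not idx:
            continue
        # Rule 1: a cluster holding fewer than min_fraction of all flows is suspect as a whole.
        if len(idx) < min_fraction * n:
            flagged.update(idx)
            continue
        # Rule 2: inside a large cluster, flag members far beyond the cluster's typical spread.
        m = sum(dists[i] for i in idx) / len(idx)
        s = math.sqrt(sum((dists[i] - m) ** 2 for i in idx) / len(idx))
        flagged.update(i for i in idx if s > 0 and dists[i] > m + z_threshold * s)
    return labels, dists, flagged


if __name__ == "__main__":
    labels, dists, flagged = detect_anomalies(SAMPLE_FLOWS)
    for i, (flow, lab, d) in enumerate(zip(SAMPLE_FLOWS, labels, dists)):
        print(f"flow {i:2d} cluster={lab} dist={d:.2f} {flow}"
              + ("  ANOMALY" if i in flagged else ""))
```

On this constructed input the two flood-like flows are pulled into their own small cluster and are flagged by the cluster-size rule; the per-flow distance rule only matters once clusters are large enough for a 3-sigma outlier to exist, which is the realistic case. Both thresholds are the weak point of any clustering detector: they have to be tuned against labelled traffic such as the CICIDS2017 ground truth, and a dataset whose attack share is large enough to form a "normal-sized" cluster will defeat the size rule entirely, which is one reason the abstract also evaluates supervised classifiers on the same data.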


Notes

  1. https://github.com/gmeriem/Anomaly_Detection_Multiple_Scenarios.

  2. https://www.unb.ca/cic/datasets/ids-2017.html.


Author information

Corresponding author: Mériem Ghali.


Copyright information

© 2022 Springer-Verlag GmbH Germany, part of Springer Nature

Cite this chapter

Ghali, M., Sah, C., Guilly, M.L., Hacid, M.S. (2022). Threats Modeling and Anomaly Detection in the Behaviour of a System - A Review of Some Approaches. In: Hameurlain, A., Tjoa, A.M., Pacitti, E., Miklos, Z. (eds) Transactions on Large-Scale Data- and Knowledge-Centered Systems LI. Lecture Notes in Computer Science, vol 13410. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-66111-6_1

  • DOI: https://doi.org/10.1007/978-3-662-66111-6_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-66110-9

  • Online ISBN: 978-3-662-66111-6
