Abstract
With the rise of Big Data, cybersecurity is undergoing massive changes. The sheer volume of data makes it harder and harder to detect anomalies, and therefore to devise techniques that automatically identify malicious behaviour, even though this remains a crucial task. However, Big Data also enables new anomaly detection approaches based on data analysis, and especially on machine learning and data mining. From this perspective, it becomes possible to propose solutions that are more flexible and better suited to constantly evolving threats. In this paper, our objective is first to give a general overview of the current approaches used for anomaly detection in the context of cybersecurity, and then to implement and test some machine learning techniques for this task in order to compare their performance. Experiments were carried out on the CICIDS2017 dataset, using traditional anomaly detection techniques based on clustering (K-Means, EM clustering) and on classification (Decision Tree, SVM, Neural Networks).
© 2022 Springer-Verlag GmbH Germany, part of Springer Nature
Cite this chapter
Ghali, M., Sah, C., Guilly, M.L., Hacid, M.S. (2022). Threats Modeling and Anomaly Detection in the Behaviour of a System - A Review of Some Approaches. In: Hameurlain, A., Tjoa, A.M., Pacitti, E., Miklos, Z. (eds) Transactions on Large-Scale Data- and Knowledge-Centered Systems LI. Lecture Notes in Computer Science, vol. 13410. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-66111-6_1
DOI: https://doi.org/10.1007/978-3-662-66111-6_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-66110-9
Online ISBN: 978-3-662-66111-6
eBook Packages: Computer Science, Computer Science (R0)