Unexpected-Behavior Detection Using TopK Rankings for Cybersecurity

Alvaro Parres-Peredo; Ivan Piza-Davila; Francisco Cervantes

doi:10.3390/app9204381

Applied Sciences (Oct 2019)

Unexpected-Behavior Detection Using TopK Rankings for Cybersecurity

Alvaro Parres-Peredo,
Ivan Piza-Davila,
Francisco Cervantes

Affiliations

Alvaro Parres-Peredo: Electronic, Systems and Informatics Department, ITESO, The Jesuit University of Guadalajara, Tlaquepaque 45604, Mexico
Ivan Piza-Davila: Electronic, Systems and Informatics Department, ITESO, The Jesuit University of Guadalajara, Tlaquepaque 45604, Mexico
Francisco Cervantes: Electronic, Systems and Informatics Department, ITESO, The Jesuit University of Guadalajara, Tlaquepaque 45604, Mexico

DOI: https://doi.org/10.3390/app9204381
Journal volume & issue: Vol. 9, no. 20
p. 4381

Abstract

Read online

Anomaly-based intrusion detection systems use profiles to characterize expected behavior of network users. Most of these systems characterize the entire network traffic within a single profile. This work proposes a user-level anomaly-based intrusion detection methodology using only the user’s network traffic. The proposed profile is a collection of TopK rankings of reached services by the user. To detect unexpected behaviors, the real-time traffic is organized into TopK rankings and compared to the profile using similarity measures. The experiments demonstrated that the proposed methodology was capable of detecting a particular kind of malware attack in all the users tested.

Published in Applied Sciences

ISSN: 2076-3417 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Engineering (General). Civil engineering (General); Science: Biology (General); Science: Physics; Science: Chemistry
Website: http://www.mdpi.com/journal/applsci

About the journal

Abstract

Keywords