
Statistical and Signature Analysis Methods of Intrusion Detection

Information Security Technologies in the Decentralized Distributed Networks

Abstract

Existing models and methods of intrusion detection are mostly aimed at detecting intensive attacks and do not take into account the security of computer system resources or the properties of information flows. This limits the ability to detect anomalies in computer systems and information flows in a timely manner. The latest monitoring and intrusion detection solutions must take into account self-similar and statistical traffic characteristics, deep packet analysis, and the time it takes to process the information. An analysis of traffic properties and of data collected at nodes and in the network was performed. Based on this analysis, the traffic parameters to be used as indicators for intrusion detection were selected. A method of intrusion detection based on statistical packet analysis is described and simulated. A comparative analysis of binary classification of fractal time series by machine learning methods is performed. We consider classification using the example of detecting different types of attack in traffic realizations. Random forest with regression trees and a multilayer perceptron with periodic normalization were chosen as the classification methods. The experimental results showed the effectiveness of the proposed methods in detecting attacks and identifying their type. All methods showed high attack detection accuracy and low false positive rates.




© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this chapter

Radivilova, T. et al. (2022). Statistical and Signature Analysis Methods of Intrusion Detection. In: Oliynykov, R., Kuznetsov, O., Lemeshko, O., Radivilova, T. (eds) Information Security Technologies in the Decentralized Distributed Networks. Lecture Notes on Data Engineering and Communications Technologies, vol 115. Springer, Cham. https://doi.org/10.1007/978-3-030-95161-0_5
