Anomaly detection using gaussian mixture probability model to implement intrusion detection system

Blanco Andrés, Roberto and Malagón Marzo, Pedro José and Briongos Herrerjo, Samira and Moya Fernández, José Manuel (2019). Anomaly detection using gaussian mixture probability model to implement intrusion detection system. In: "XIV International Conference on Hybrid Artificial Intelligent Systems (HAIS 2019)", 04/09/2019 - 06/09/2019, León, Spain. ISBN 978-3-030-29859-3. pp. 648-659. https://doi.org/10.1007/978-3-030-29859-3_55.

Description

Title: Anomaly detection using gaussian mixture probability model to implement intrusion detection system
Author/s:
  • Blanco Andrés, Roberto
  • Malagón Marzo, Pedro José
  • Briongos Herrerjo, Samira
  • Moya Fernández, José Manuel
Item Type: Presentation at Congress or Conference (Article)
Event Title: XIV International Conference on Hybrid Artificial Intelligent Systems (HAIS 2019)
Event Dates: 04/09/2019 - 06/09/2019
Event Location: León, Spain
Title of Book: Hybrid Artificial Intelligent Systems. HAIS 2019. Lecture Notes in Computer Science
Date: 26 August 2019
ISBN: 978-3-030-29859-3
Volume: 11734
Subjects:
Freetext Keywords: Intrusion Detection; Gaussian Mixture Model; Voting
Faculty: E.T.S.I. Telecomunicación (UPM)
Department: Other
Creative Commons Licenses: Recognition - No derivative works - Non commercial

Abstract

Network intrusion detection systems (NIDS) detect attacks or anomalous network traffic patterns in order to avoid cybersecurity issues. Anomaly detection algorithms are used to identify unusual behavior or outliers in the network traffic in order to generate alarms. Traditionally, Gaussian Mixture Models (GMMs) have been used for probabilistic-based anomaly detection NIDS. We propose to use multiple simple GMMs to model each individual feature, and an asymmetric voting scheme that aggregates the individual anomaly detectors to provide. We test our approach using the NSL dataset. We construct the normal behavior models using only the samples labelled as normal in this dataset and evaluate our proposal using the official NSL testing set. As a result, we obtain an F1-score over 0.9, outperforming other supervised and unsupervised proposals.

Funding Projects

Type | Code | Acronym | Leader | Title
Government of Spain | AYA2015-65973-C3-3-R | AMIGA6 | Unspecified | Gas en el interior y en el entorno de las galaxias, Preparación científica para SKA y contribución al diseño del flujo de datos - Procesado de datos en hardware
Government of Spain | TIN-2015-65277-R | COPHERNICO | Manuel Prieto Matías | Efficient heterogeneous computing: from the processor to the datacenter
Government of Spain | RTC-2016-5434-8 | Unspecified | Unspecified | Holistic Intrusion Detection and Response Agent - HIDRA

More information

Item ID: 56501
DC Identifier: http://oa.upm.es/56501/
OAI Identifier: oai:oa.upm.es:56501
DOI: https://doi.org/10.1007/978-3-030-29859-3_55
Official URL: https://link.springer.com/chapter/10.1007%2F978-3-030-29859-3_55
Deposited by: Memoria Investigacion
Deposited on: 28 Mar 2020 11:26
Last Modified: 26 Aug 2020 22:30