Symptoms-Based Network Intrusion Detection System

Qais Saif Qassim; Norziana Jamil; Mohammed Najah Mahdi

doi:10.1007/978-3-030-90235-3_42

Symptoms-Based Network Intrusion Detection System

Qais Saif Qassim, Norziana Jamil, Mohammed Najah Mahdi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Protecting the network perimeters from malicious activities is a necessity and essential defence mechanism against cyberattacks. Network Intrusion Detection system (NIDS) is commonly used as a defense mechanism. This paper presents the Symptoms-based NIDS, a new intrusion detection system approach that learns the normal network behaviours through monitoring a range of network data attributes at the network and the transport layers. The proposed IDS consists of distributed anomaly detection agents and a centralised anomaly classification engine. The detection agents are located at the end nodes of the protected network, detecting anomalies by analysing network traffic and identifying abnormal activities. These agents will capture and analyse the network and the transport headers of individual packets for malicious activities. The agents will communicate with the centralised anomaly classification engine upon detecting a suspicious activity for attack prioritisation and classification. The paper presented a list of network attributes to be considered as classification features to identify anomalies.

Original language	English
Title of host publication	Advances in Visual Informatics - 7th International Visual Informatics Conference, IVIC 2021, Proceedings
Editors	Halimah Badioze Zaman, Alan F. Smeaton, Timothy K. Shih, Sergio Velastin, Tada Terutoshi, Bo Nørregaard Jørgensen, Hazleen Aris, Nazrita Ibrahim
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	482-494
Number of pages	13
ISBN (Print)	9783030902346
DOIs	https://doi.org/10.1007/978-3-030-90235-3_42
Publication status	Published - 2021
Externally published	Yes
Event	7th International Conference on Advances in Visual Informatics, IVIC 2021 - Kajang, Malaysia Duration: Nov 23 2021 → Nov 25 2021

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13051 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	7th International Conference on Advances in Visual Informatics, IVIC 2021
Country/Territory	Malaysia
City	Kajang
Period	11/23/21 → 11/25/21

Keywords

Anomaly
Classification
False alarms
Features
Machine learning
Signature

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-030-90235-3_42

Cite this

Qassim, Q. S., Jamil, N., & Mahdi, M. N. (2021). Symptoms-Based Network Intrusion Detection System. In H. Badioze Zaman, A. F. Smeaton, T. K. Shih, S. Velastin, T. Terutoshi, B. N. Jørgensen, H. Aris, & N. Ibrahim (Eds.), Advances in Visual Informatics - 7th International Visual Informatics Conference, IVIC 2021, Proceedings (pp. 482-494). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13051 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-90235-3_42

Symptoms-Based Network Intrusion Detection System. / Qassim, Qais Saif; Jamil, Norziana; Mahdi, Mohammed Najah.
Advances in Visual Informatics - 7th International Visual Informatics Conference, IVIC 2021, Proceedings. ed. / Halimah Badioze Zaman; Alan F. Smeaton; Timothy K. Shih; Sergio Velastin; Tada Terutoshi; Bo Nørregaard Jørgensen; Hazleen Aris; Nazrita Ibrahim. Springer Science and Business Media Deutschland GmbH, 2021. p. 482-494 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13051 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Qassim, QS, Jamil, N & Mahdi, MN 2021, Symptoms-Based Network Intrusion Detection System. in H Badioze Zaman, AF Smeaton, TK Shih, S Velastin, T Terutoshi, BN Jørgensen, H Aris & N Ibrahim (eds), Advances in Visual Informatics - 7th International Visual Informatics Conference, IVIC 2021, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13051 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 482-494, 7th International Conference on Advances in Visual Informatics, IVIC 2021, Kajang, Malaysia, 11/23/21. https://doi.org/10.1007/978-3-030-90235-3_42

Qassim QS, Jamil N, Mahdi MN. Symptoms-Based Network Intrusion Detection System. In Badioze Zaman H, Smeaton AF, Shih TK, Velastin S, Terutoshi T, Jørgensen BN, Aris H, Ibrahim N, editors, Advances in Visual Informatics - 7th International Visual Informatics Conference, IVIC 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2021. p. 482-494. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-90235-3_42

Qassim, Qais Saif ; Jamil, Norziana ; Mahdi, Mohammed Najah. / Symptoms-Based Network Intrusion Detection System. Advances in Visual Informatics - 7th International Visual Informatics Conference, IVIC 2021, Proceedings. editor / Halimah Badioze Zaman ; Alan F. Smeaton ; Timothy K. Shih ; Sergio Velastin ; Tada Terutoshi ; Bo Nørregaard Jørgensen ; Hazleen Aris ; Nazrita Ibrahim. Springer Science and Business Media Deutschland GmbH, 2021. pp. 482-494 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{fa960350e943420caed25d380e52f2d7,

title = "Symptoms-Based Network Intrusion Detection System",

abstract = "Protecting the network perimeters from malicious activities is a necessity and essential defence mechanism against cyberattacks. Network Intrusion Detection system (NIDS) is commonly used as a defense mechanism. This paper presents the Symptoms-based NIDS, a new intrusion detection system approach that learns the normal network behaviours through monitoring a range of network data attributes at the network and the transport layers. The proposed IDS consists of distributed anomaly detection agents and a centralised anomaly classification engine. The detection agents are located at the end nodes of the protected network, detecting anomalies by analysing network traffic and identifying abnormal activities. These agents will capture and analyse the network and the transport headers of individual packets for malicious activities. The agents will communicate with the centralised anomaly classification engine upon detecting a suspicious activity for attack prioritisation and classification. The paper presented a list of network attributes to be considered as classification features to identify anomalies.",

keywords = "Anomaly, Classification, False alarms, Features, Machine learning, Signature",

author = "Qassim, {Qais Saif} and Norziana Jamil and Mahdi, {Mohammed Najah}",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; 7th International Conference on Advances in Visual Informatics, IVIC 2021 ; Conference date: 23-11-2021 Through 25-11-2021",

year = "2021",

doi = "10.1007/978-3-030-90235-3_42",

language = "English",

isbn = "9783030902346",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "482--494",

editor = "{Badioze Zaman}, Halimah and Smeaton, {Alan F.} and Shih, {Timothy K.} and Sergio Velastin and Tada Terutoshi and J{\o}rgensen, {Bo N{\o}rregaard} and Hazleen Aris and Nazrita Ibrahim",

booktitle = "Advances in Visual Informatics - 7th International Visual Informatics Conference, IVIC 2021, Proceedings",

}

TY - GEN

T1 - Symptoms-Based Network Intrusion Detection System

AU - Qassim, Qais Saif

AU - Jamil, Norziana

AU - Mahdi, Mohammed Najah

PY - 2021

Y1 - 2021

N2 - Protecting the network perimeters from malicious activities is a necessity and essential defence mechanism against cyberattacks. Network Intrusion Detection system (NIDS) is commonly used as a defense mechanism. This paper presents the Symptoms-based NIDS, a new intrusion detection system approach that learns the normal network behaviours through monitoring a range of network data attributes at the network and the transport layers. The proposed IDS consists of distributed anomaly detection agents and a centralised anomaly classification engine. The detection agents are located at the end nodes of the protected network, detecting anomalies by analysing network traffic and identifying abnormal activities. These agents will capture and analyse the network and the transport headers of individual packets for malicious activities. The agents will communicate with the centralised anomaly classification engine upon detecting a suspicious activity for attack prioritisation and classification. The paper presented a list of network attributes to be considered as classification features to identify anomalies.

AB - Protecting the network perimeters from malicious activities is a necessity and essential defence mechanism against cyberattacks. Network Intrusion Detection system (NIDS) is commonly used as a defense mechanism. This paper presents the Symptoms-based NIDS, a new intrusion detection system approach that learns the normal network behaviours through monitoring a range of network data attributes at the network and the transport layers. The proposed IDS consists of distributed anomaly detection agents and a centralised anomaly classification engine. The detection agents are located at the end nodes of the protected network, detecting anomalies by analysing network traffic and identifying abnormal activities. These agents will capture and analyse the network and the transport headers of individual packets for malicious activities. The agents will communicate with the centralised anomaly classification engine upon detecting a suspicious activity for attack prioritisation and classification. The paper presented a list of network attributes to be considered as classification features to identify anomalies.

KW - Anomaly

KW - Classification

KW - False alarms

KW - Features

KW - Machine learning

KW - Signature

UR - http://www.scopus.com/inward/record.url?scp=85120533415&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85120533415&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-90235-3_42

DO - 10.1007/978-3-030-90235-3_42

M3 - Conference contribution

AN - SCOPUS:85120533415

SN - 9783030902346

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 482

EP - 494

BT - Advances in Visual Informatics - 7th International Visual Informatics Conference, IVIC 2021, Proceedings

A2 - Badioze Zaman, Halimah

A2 - Smeaton, Alan F.

A2 - Shih, Timothy K.

A2 - Velastin, Sergio

A2 - Terutoshi, Tada

A2 - Jørgensen, Bo Nørregaard

A2 - Aris, Hazleen

A2 - Ibrahim, Nazrita

PB - Springer Science and Business Media Deutschland GmbH

T2 - 7th International Conference on Advances in Visual Informatics, IVIC 2021

Y2 - 23 November 2021 through 25 November 2021

ER -

Symptoms-Based Network Intrusion Detection System

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this