Early Staged Cyber Incidents Detection in Critical Infrastructures
Keywords:security, cyber-attack, incident detection, traffic anomaly
AbstractThe aim of the research is to create cyber incidents early detection model based on network traffic and OS-based system analyses. Developed cyber attacks detection model is based on anomalies measurements. With the 11 selected parameters and measurement software for real-time data traffic analyze, anomalies in traffic observed during cyber-attack simulation process. For OS-based system similar approach used with 4 selected parameters and Neural-networks classification method. This measurement solution detects anomalies in parameters sets and indicates cyber incidents.
Communications Regulatory Authority of the Republic of Lithuania. National incidents response team CERT-LT report for 2015. Source: https://www.cert.lt/doc/2015.pdf.
ENISA. Analysis of ICS-SCADA Cyber Security Maturity Levels in Critical Sectors. 2015. Source: https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/scada-industrial-control-systems/maturity-levels/at_download/fullReport.
R. Sommer, V. Paxson. Outside the Closed World: On Using Machine Learning For Network Intrusion Detection. 2010. Publisher: IEEE.
V. Chandola, A. Banerjee, and V. Kumar. Anomaly detection: A survey. 2009. ACM Comput. Surv. 41, 3, Article 15 (July 2009), 58 pages. DOI = 10.1145/1541880.1541882 http://doi.acm.org/10.1145/1541880.1541882
C. F. Tsai, Y. F. Hsu, C. Lin, W. Lin.; Intrusion detection by machine learning: a review. Experts Systems with Applications, 36(10): 11994-12000, 2009
Cheng-Yuan Ho, Ying-Dar Lin, Yuan-Cheng Lai, I-Wei Chen, Fu-Yu Wang, and Wei-Hsuan Tai, â€žFalse Positives and Negatives from Real Traffic with Intrusion Detection/Prevention Systemsâ€œ, International Journal of Future Computer and Communication, vol. 1, No. 2, August 2012, pp. 87 â€“ 90.
Natesan, P., P. Balasubramanie, G. Gowrison, â€žImproving the Attack Detection Rate in Network Intrusion Detection using Adaboost Algorithmâ€œ, Journal of Computer Science 8 (7): 1041-1048, 2012 ISSN 1549-3636 2012 Science Publications.
James Cannady, Artificial Neural Networks for Misuse Detection.
Srinivas Mukkamala, Guadalupe Janoski, Andrew Sung, â€œIntrusion Detection: Support Vector Machines and Neural Networksâ€, 2002.
Tapas Kanungo, An Efficient k-Means Clustering Algorithm: Analysis and Implementation., IEEE transactions on pattern analysis and machine intelligence, VOL. 24, NO. 7, 2002.
How to Cite
- Papers must be submitted on the understanding that they have not been published elsewhere (except in the form of an abstract or as part of a published lecture, review, or thesis) and are not currently under consideration by another journal published by any other publisher.
- It is also the authors responsibility to ensure that the articles emanating from a particular source are submitted with the necessary approval.
- The authors warrant that the paper is original and that he/she is the author of the paper, except for material that is clearly identified as to its original source, with permission notices from the copyright owners where required.
- The authors ensure that all the references carefully and they are accurate in the text as well as in the list of references (and vice versa).
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Attribution-NonCommercial 4.0 International that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
- The journal/publisher is not responsible for subsequent uses of the work. It is the author's responsibility to bring an infringement action if so desired by the author.