STOCHASTIC MODELING OF THE NETWORK INTRUSION DETECTION THRESHOLD
Keywords: Intrusion detection, Stochastic processes, Noise-Indicator, Threshold value, Parameters estimation
Abstract
Purpose: The aim of this paper is to present a new approach to creating a successful system for detecting intrusions on computer networks based on stochastic modeling.
Design/Methods/Approach: In this research, we propose a novel intrusion detection system modeled with the General Split-BREAK (GSB) process. First, the theoretical assumptions and analysis of an intrusion detection system (IDS) are described, followed by a description of the stochastic model of the IDS using the General Split-BREAK (GSB) process. In the proposed model, a statistical estimate of the detection threshold is obtained. Finally, the numerical simulation and analysis of the intrusion detection performance of the proposed model are discussed.
Findings: The results of the presented research show that using stochastically obtained thresholds in IDS improves their efficiency, in the sense that the total number of undetected intrusions and false detections is reduced.
Originality/Value: In this paper, we present a novel, stochastic-based model of IDS in which the General Split-BREAK (GSB) process is utilized. It was shown that this model can improve the efficiency of IDS, which motivates its practical software implementation.
Keywords: stochastic modeling, IDS, General Split-BREAK process, false detection.