Home > Research > Publications & Outputs > Practical Intrusion Detection of Emerging Threats

Electronic data

  • Practical_Intrusion_Detection_of_Emerging_Threats_Accepted_Version

    Rights statement: ©2021 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

    Accepted author manuscript, 3.06 MB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Links

Text available via DOI:

View graph of relations

Practical Intrusion Detection of Emerging Threats

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Published

Standard

Practical Intrusion Detection of Emerging Threats. / Mills, Ryan; Marnerides, Angelos; Broadbent, Matthew et al.

In: IEEE Transactions on Network and Service Management, Vol. 19, No. 1, 31.03.2022, p. 582-600.

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Harvard

Mills, R, Marnerides, A, Broadbent, M & Race, N 2022, 'Practical Intrusion Detection of Emerging Threats', IEEE Transactions on Network and Service Management, vol. 19, no. 1, pp. 582-600. https://doi.org/10.1109/TNSM.2021.3091517

APA

Vancouver

Mills R, Marnerides A, Broadbent M, Race N. Practical Intrusion Detection of Emerging Threats. IEEE Transactions on Network and Service Management. 2022 Mar 31;19(1):582-600. Epub 2021 Jun 22. doi: 10.1109/TNSM.2021.3091517

Author

Mills, Ryan ; Marnerides, Angelos ; Broadbent, Matthew et al. / Practical Intrusion Detection of Emerging Threats. In: IEEE Transactions on Network and Service Management. 2022 ; Vol. 19, No. 1. pp. 582-600.

Bibtex

@article{af9d0e5f88c541b8a1cd814d92d687fd,
title = "Practical Intrusion Detection of Emerging Threats",
abstract = "The Internet of Things (IoT), in combination with advancements in Big Data, communications and networked systems, offers a positive impact across a range of sectors including health, energy, manufacturing and transport. By virtue of current business models adopted by manufacturers and ICT operators, IoT devices are deployed over various networked infrastructures with minimal security, opening up a range of new attack vectors. Conventional rule-based intrusion detection mechanisms used by network management solutions rely on pre-defined attack signatures and hence are unable to identify new attacks. In parallel, anomaly detection solutions tend to suffer from high false positive rates due to the limited statistical validation of ground truth data, which is used for profiling normal network behaviour. In this work we go beyond current solutions and leverage the coupling of anomaly detection and Cyber Threat Intelligence (CTI) with parallel processing for the profiling and detection of emerging cyber attacks. We demonstrate the design, implementation, and evaluation of Citrus: a novel intrusion detection framework which is adept at tackling emerging threats through the collection and labelling of live attack data by utilising diverse Internet vantage points in order to detect and classify malicious behaviour using graph-based metrics as well as a range of machine learning (ML) algorithms. Citrus considers the importance of ground truth data validation and its flexible software architecture enables both the real-time and offline profiling, detection and classification of emerging cyber-attacks under optimal computational costs. Thus, establishing it as a viable and practical solution for next generation network defence and resilience strategies.",
keywords = "Intrusion Detection, Machine Learning, Cyber Threat Intelligence",
author = "Ryan Mills and Angelos Marnerides and Matthew Broadbent and Nicholas Race",
note = "{\textcopyright}2021 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. ",
year = "2022",
month = mar,
day = "31",
doi = "10.1109/TNSM.2021.3091517",
language = "English",
volume = "19",
pages = "582--600",
journal = "IEEE Transactions on Network and Service Management",
issn = "1932-4537",
publisher = "IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC",
number = "1",

}

RIS

TY - JOUR

T1 - Practical Intrusion Detection of Emerging Threats

AU - Mills, Ryan

AU - Marnerides, Angelos

AU - Broadbent, Matthew

AU - Race, Nicholas

N1 - ©2021 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

PY - 2022/3/31

Y1 - 2022/3/31

N2 - The Internet of Things (IoT), in combination with advancements in Big Data, communications and networked systems, offers a positive impact across a range of sectors including health, energy, manufacturing and transport. By virtue of current business models adopted by manufacturers and ICT operators, IoT devices are deployed over various networked infrastructures with minimal security, opening up a range of new attack vectors. Conventional rule-based intrusion detection mechanisms used by network management solutions rely on pre-defined attack signatures and hence are unable to identify new attacks. In parallel, anomaly detection solutions tend to suffer from high false positive rates due to the limited statistical validation of ground truth data, which is used for profiling normal network behaviour. In this work we go beyond current solutions and leverage the coupling of anomaly detection and Cyber Threat Intelligence (CTI) with parallel processing for the profiling and detection of emerging cyber attacks. We demonstrate the design, implementation, and evaluation of Citrus: a novel intrusion detection framework which is adept at tackling emerging threats through the collection and labelling of live attack data by utilising diverse Internet vantage points in order to detect and classify malicious behaviour using graph-based metrics as well as a range of machine learning (ML) algorithms. Citrus considers the importance of ground truth data validation and its flexible software architecture enables both the real-time and offline profiling, detection and classification of emerging cyber-attacks under optimal computational costs. Thus, establishing it as a viable and practical solution for next generation network defence and resilience strategies.

AB - The Internet of Things (IoT), in combination with advancements in Big Data, communications and networked systems, offers a positive impact across a range of sectors including health, energy, manufacturing and transport. By virtue of current business models adopted by manufacturers and ICT operators, IoT devices are deployed over various networked infrastructures with minimal security, opening up a range of new attack vectors. Conventional rule-based intrusion detection mechanisms used by network management solutions rely on pre-defined attack signatures and hence are unable to identify new attacks. In parallel, anomaly detection solutions tend to suffer from high false positive rates due to the limited statistical validation of ground truth data, which is used for profiling normal network behaviour. In this work we go beyond current solutions and leverage the coupling of anomaly detection and Cyber Threat Intelligence (CTI) with parallel processing for the profiling and detection of emerging cyber attacks. We demonstrate the design, implementation, and evaluation of Citrus: a novel intrusion detection framework which is adept at tackling emerging threats through the collection and labelling of live attack data by utilising diverse Internet vantage points in order to detect and classify malicious behaviour using graph-based metrics as well as a range of machine learning (ML) algorithms. Citrus considers the importance of ground truth data validation and its flexible software architecture enables both the real-time and offline profiling, detection and classification of emerging cyber-attacks under optimal computational costs. Thus, establishing it as a viable and practical solution for next generation network defence and resilience strategies.

KW - Intrusion Detection

KW - Machine Learning

KW - Cyber Threat Intelligence

U2 - 10.1109/TNSM.2021.3091517

DO - 10.1109/TNSM.2021.3091517

M3 - Journal article

VL - 19

SP - 582

EP - 600

JO - IEEE Transactions on Network and Service Management

JF - IEEE Transactions on Network and Service Management

SN - 1932-4537

IS - 1

ER -