siForest: Detecting Network Anomalies with Set-Structured Isolation Forest

• URL: http://arxiv.org/abs/2412.06015v1
• Date: Sun, 08 Dec 2024 18:18:40 GMT
• Title: siForest: Detecting Network Anomalies with Set-Structured Isolation Forest
• Authors: Christie Djidjev,
• Abstract summary: Modern cybersecurity systems face the challenge of analyzing billions of daily network interactions to identify potential threats. This paper investigates the use of variations of the Isolation Forest (iForest) machine learning algorithm for detecting anomalies in internet scan data. In particular, it presents the Set-Partitioned Isolation Forest (siForest), a novel extension of the iForest method to detect anomalies in set-structured data.
• Score: 0.0
• License:
• Abstract: As cyber threats continue to evolve in sophistication and scale, the ability to detect anomalous network behavior has become critical for maintaining robust cybersecurity defenses. Modern cybersecurity systems face the overwhelming challenge of analyzing billions of daily network interactions to identify potential threats, making efficient and accurate anomaly detection algorithms crucial for network defense. This paper investigates the use of variations of the Isolation Forest (iForest) machine learning algorithm for detecting anomalies in internet scan data. In particular, it presents the Set-Partitioned Isolation Forest (siForest), a novel extension of the iForest method designed to detect anomalies in set-structured data. By treating instances such as sets of multiple network scans with the same IP address as cohesive units, siForest effectively addresses some challenges of analyzing complex, multidimensional datasets. Extensive experiments on synthetic datasets simulating diverse anomaly scenarios in network traffic demonstrate that siForest has the potential to outperform traditional approaches on some types of internet scan data.

Related papers

• CESNET-TimeSeries24: Time Series Dataset for Network Traffic Anomaly Detection and Forecasting [0.0]
  This manuscript introduces a dataset comprising time series data of network entities' behavior. The dataset was created from 40 weeks of network traffic of 275 thousand active IP addresses. It provides valuable insights into the practical deployment of forecast-based anomaly detection approaches.
  arXiv  Detail & Related papers  (2024-09-27T16:10:11Z)
• Deep Learning-based Anomaly Detection and Log Analysis for Computer Networks [5.809158072574843]
  We propose an innovative fusion model that integrates Isolation Forest, GAN, and Transformer. The model significantly improves the accuracy of anomaly detection while reducing the false alarm rate. It also performs well in the log analysis task and is able to quickly identify anomalous behaviors.
  arXiv  Detail & Related papers  (2024-07-08T06:07:51Z)
• Detection-Rate-Emphasized Multi-objective Evolutionary Feature Selection for Network Intrusion Detection [21.104686670216445]
  We propose DR-MOFS to model the feature selection problem in network intrusion detection as a three-objective optimization problem. In most cases, the proposed method can outperform previous methods, i.e., lead to fewer features, higher accuracy and detection rate.
  arXiv  Detail & Related papers  (2024-06-13T14:42:17Z)
• Ransomware Detection and Classification Using Random Forest: A Case Study with the UGRansome2024 Dataset [0.0]
  We introduce UGRansome2024, an optimised dataset for ransomware detection in network traffic. This dataset is derived from the UGRansome data using an intuitionistic feature engineering approach. The study presents an analysis of ransomware detection using the UGRansome2024 dataset and the Random Forest algorithm.
  arXiv  Detail & Related papers  (2024-04-19T12:50:03Z)
• Leveraging a Probabilistic PCA Model to Understand the Multivariate Statistical Network Monitoring Framework for Network Security Anomaly Detection [64.1680666036655]
  We revisit anomaly detection techniques based on PCA from a probabilistic generative model point of view. We have evaluated the mathematical model using two different datasets.
  arXiv  Detail & Related papers  (2023-02-02T13:41:18Z)
• Anomaly Detection on Attributed Networks via Contrastive Self-Supervised Learning [50.24174211654775]
  We present a novel contrastive self-supervised learning framework for anomaly detection on attributed networks. Our framework fully exploits the local information from network data by sampling a novel type of contrastive instance pair. A graph neural network-based contrastive learning model is proposed to learn informative embedding from high-dimensional attributes and local structure.
  arXiv  Detail & Related papers  (2021-02-27T03:17:20Z)
• Increasing the Confidence of Deep Neural Networks by Coverage Analysis [71.57324258813674]
  This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance the model against different unsafe inputs. Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs.
  arXiv  Detail & Related papers  (2021-01-28T16:38:26Z)
• Generalized Iris Presentation Attack Detection Algorithm under Cross-Database Settings [63.90855798947425]
  Presentation attacks pose major challenges to most of the biometric modalities. We propose a generalized deep learning-based presentation attack detection network, MVANet. It is inspired by the simplicity and success of hybrid algorithm or fusion of multiple detection networks.
  arXiv  Detail & Related papers  (2020-10-25T22:42:27Z)
• Deep Learning based Covert Attack Identification for Industrial Control Systems [5.299113288020827]
  We develop a data-driven framework that can be used to detect, diagnose, and localize a type of cyberattack called covert attacks on smart grids. The framework has a hybrid design that combines an autoencoder, a recurrent neural network (RNN) with a Long-Short-Term-Memory layer, and a Deep Neural Network (DNN)
  arXiv  Detail & Related papers  (2020-09-25T17:48:43Z)
• Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224]
  In this paper, an effective anomaly detection framework is proposed utilizing Bayesian Optimization technique. The performance of the considered algorithms is evaluated using the ISCX 2012 dataset. Experimental results show the effectiveness of the proposed framework in term of accuracy rate, precision, low-false alarm rate, and recall.
  arXiv  Detail & Related papers  (2020-08-05T19:29:35Z)
• Cassandra: Detecting Trojaned Networks from Adversarial Perturbations [92.43879594465422]
  In many cases, pre-trained models are sourced from vendors who may have disrupted the training pipeline to insert Trojan behaviors into the models. We propose a method to verify if a pre-trained model is Trojaned or benign. Our method captures fingerprints of neural networks in the form of adversarial perturbations learned from the network gradients.
  arXiv  Detail & Related papers  (2020-07-28T19:00:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.