Attack Matrix Intrusion Detection System for Preventing Vulnerability Scanning and Defense
Abstract
Intrusion detection systems define an important and dynamic research area for cyber security. The role of an Intrusion Detection System within a security architecture is to improve the security level by identifying all malicious and also suspicious events that could be observed in a computer or network system. One of the more specific research areas related to intrusion detection is anomaly detection. Anomaly-based intrusion detection in networks refers to the problem of finding atypical events in the observed network traffic that do not conform to the expected normal patterns. To detect anomalies, many security systems implement classification or clustering algorithms. However, recent research proved that machine learning models might misclassify adversarial events, e.g. observations which were created by applying intentionally non-random perturbations to the dataset. The goal of this project was to verify the ability of anomaly detection systems to resist this type of attack. The main reason for this might be that a deep network passes information through several layers to learn the underlying hidden patterns of normal and attack network connection records, and finally aggregates the learned features of each layer to effectively distinguish normal network connection records from the various attacks. To achieve an acceptable detection rate, various configurations of network settings and parameters can be used in deep networks.