
Insider Intrusion Detection Techniques: A State-of-the-Art Review


References

  • Swartz N. Protecting information from insiders: although organizations are making strides in protecting their sensitive information from outside threats, reports show they often are failing to protect it from the much greater threats posed by their own employees. Inf Manage J. 2007 May 1;41(3):20–24.
  • Patel A, Qassim Q, Wills C. A survey of intrusion detection and prevention systems. Inf Manage Comput Secur. 2010;18(4):277–90. doi:10.1108/09685221011079199.
  • Gartner. Myths about insider threat management. 2019 [accessed 2020 Feb]. https://www.gartner.com/en/documents/3947311/5-myths-about-insider-threat-management.
  • Ponemon. Cost of insider threat: global. 2018 [accessed 2020 Feb]. https://www.observeit.com/cost-of-insider-threats/.
  • Estevez-Tapiador JM, Garcia-Teodoro P, Diaz-Verdejo JE. Anomaly detection methods in wired networks: a survey and taxonomy. Comput Commun. 2004 Oct 15;27(16):1569–84. doi:10.1016/j.comcom.2004.07.002.
  • Garcia-Teodoro P, Diaz-Verdejo J, Maciá-Fernández G, Vázquez E. Anomaly-based network intrusion detection: techniques, systems and challenges. Comput Secur. 2009 Feb 1;28(1–2):18–28. doi:10.1016/j.cose.2008.08.003.
  • Bhatt S, Manadhata PK, Zomlot L. The operational role of security information and event management systems. IEEE Secur Privacy. 2014 Oct 15;12(5):35–41. doi:10.1109/MSP.2014.103.
  • Pang G, Shen C, Cao L, Hengel AV. Deep learning for anomaly detection: a review. ACM Comput Surv (CSUR). 2021 Mar 5;54(2):1–38. doi:10.1145/3439950.
  • Yuan S, Wu X. Deep learning for insider threat detection: review, challenges and opportunities. Comput Secur. 2021 May 1;104:102221. doi:10.1016/j.cose.2021.102221.
  • Page MJ, McKenzie JE, Bossuyt PM, Boutron I, Hoffmann TC, Mulrow CD, Shamseer L, Tetzlaff JM, Akl EA, Brennan SE, et al. The PRISMA 2020 statement: an updated guideline for reporting systematic reviews. Syst Rev. 2021 Dec;10(1):1. doi:10.1186/s13643-021-01626-4.
  • Martinez-Moyano IJ, Rich E, Conrad S, Andersen DF, Stewart TR. A behavioral theory of insider-threat risks: a system dynamics approach. ACM Trans Model Comput Simul (TOMACS). 2008 Apr 28;18(2):1–27. doi:10.1145/1346325.1346328.
  • Arafat Ali H. A new model for monitoring intrusion based on Petri nets. Inf Manage Comput Secur. 2001;9(4):175–82. doi:10.1108/EUM0000000005807.
  • Dutta P, Ryan G, Zieba A, Stolfo S. Simulated user bots: real time testing of insider threat detection systems. 2018 IEEE Security and Privacy Workshops (SPW); 2018 May 24. p. 228–36. doi:10.1109/SPW.2018.00038.
  • Sekar R, Gupta A, Frullo J, Shanbhag T, Tiwari A, Yang H, Zhou S. Specification-based anomaly detection: a new approach for detecting network intrusions. Proceedings of the 9th ACM Conference on Computer and Communications Security; 2002 Nov 18. p. 265–74. doi:10.1145/586110.586146.
  • Sekar R, Bendre M, Dhurjati D, Bollineni P. A fast automaton-based method for detecting anomalous program behaviors. Proceedings 2001 IEEE Symposium on Security and Privacy (S&P 2001); 2001 May 14. p. 144–55. doi:10.1109/SECPRI.2001.924295.
  • Michael CC, Ghosh A. Simple, state-based approaches to program-based anomaly detection. ACM Trans Inf Syst Secur (TISSEC). 2002 Aug 1;5(3):203–37. doi:10.1145/545186.545187.
  • Joshi GS. An internal intrusion detection and protection system to resist insider Attacks. Int J Adv Res Comput Eng Technol (IJARCET). 2016;5:315–19.
  • Wagner D, Soto P. Mimicry attacks on host-based intrusion detection systems. Proceedings of the 9th ACM Conference on Computer and Communications Security; 2002 Nov 18. p. 255–64. doi:10.1145/586110.586145.
  • Salem MB, Stolfo SJ. Detecting masqueraders: a comparison of one-class bag-of-words user behavior modeling techniques. J Wirel Mob Networks Ubiquitous Comput Dependable Appl. 2010 June;1(1):3–13. doi:10.1002/sec.311.
  • Kudłacik P, Porwik P, Wesołowski T. Fuzzy approach for intrusion detection based on user’s commands. Soft Comput. 2016 July;20(7):2705–19. doi:10.1007/s00500-015-1669-6.
  • Magklaras GB, Furnell SM, Brooke PJ. Towards an insider threat prediction specification language. Inf Manage Comput Secur. 2006 Aug 1;14(4):361–81. doi:10.1108/09685220610690826.
  • Bishop M, Conboy HM, Phan H, Simidchieva BI, Avrunin GS, Clarke LA, Osterweil LJ, Peisert S. Insider threat identification by process analysis. 2014 IEEE Security and Privacy Workshops; 2014 May 17. p. 251–64. doi:10.1109/SPW.2014.40.
  • Zheng N, Paloski A, Wang H. An efficient user verification system via mouse movements. Proceedings of the 18th ACM Conference on Computer and Communications Security; 2011 Oct 17. p. 139–50. doi:10.1145/2046707.2046725.
  • Xiaojun C, Zicheng W, Yiguo P, Jinqiao S. A continuous re-authentication approach using ensemble learning. Procedia Comput Sci. 2013 Jan 1;17:870–78. doi:10.1016/j.procs.2013.05.111.
  • Kılıç AA, Yıldırım M, Anarım E. Bogazici mouse dynamics dataset. Data Brief. 2021 June 1;36:107094. doi:10.1016/j.dib.2021.107094.
  • Mathew S, Petropoulos M, Ngo HQ, Upadhyaya S. A data-centric approach to insider attack detection in database systems. International Workshop on Recent Advances in Intrusion Detection; 2010 Sept 15; Berlin, Heidelberg: Springer. p. 382–401. doi:10.1007/978-3-642-15512-3_20.
  • Khan MI, Foley SN, O’Sullivan B. On database intrusion detection: a query analytics-based model of normative behavior to detect insider attacks. Proceedings of the 7th International Conference on Communication and Network Security; 2017 Nov 24. p. 12–17. doi:10.1145/3163058.3163068.
  • Bu SJ, Cho SB. A convolutional neural-based learning classifier system for detecting database intrusion via insider attack. Inf Sci. 2020 Feb 1;512:123–36. doi:10.1016/j.ins.2019.09.055.
  • Brahma A, Panigrahi S. Role-based profiling using fuzzy adaptive resonance theory for securing database systems. Int J Appl Metaheuristic Comput (IJAMC). 2021 Apr 1;12(2):36–48. doi:10.4018/IJAMC.2021040103.
  • Go GM, Bu SJ, Cho SB. Detecting intrusion via insider attack in database transactions by learning disentangled representation with deep metric neural network. Computational Intelligence in Security for Information Systems Conference; 2019 May 13; Cham: Springer. p. 460–69. doi:10.1007/978-3-030-57805-3_43.
  • Hu Y, Panda B. A traceability link mining approach for identifying insider threats. Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies; 2009 Apr 13. p. 1–3. doi:10.1145/1558607.1558660.
  • Camiña B, Monroy R, Trejo LA, Sánchez E. Towards building a masquerade detection method based on user file system navigation. Mexican International Conference on Artificial Intelligence; 2011 Nov 26; Berlin, Heidelberg: Springer. p. 174–86. doi:10.1007/978-3-642-25324-9_15.
  • Gupta S, Hanson C, Gunter CA, Frank M, Liebovitz D, Malin B. Modeling and detecting anomalous topic access. 2013 IEEE International Conference on Intelligence and Security Informatics; 2013 June 4; IEEE. p. 100–05. doi:10.1109/ISI.2013.6578795.
  • Eldardiry H, Bart E, Liu J, Hanley J, Price B, Brdiczka O. Multi-domain information fusion for insider threat detection. 2013 IEEE Security and Privacy Workshops; 2013 May 23; IEEE. p. 45–51. doi:10.1109/SPW.2013.14.
  • Gavai G, Sricharan K, Gunning D, Rolleston R, Hanley J, Singhal M. Detecting insider threat from enterprise social and online activity data. Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats; 2015 Oct 16. p. 13–20. doi:10.1145/2808783.2808784.
  • Agrafiotis I, Nurse JR, Buckley O, Legg P, Creese S, Goldsmith M. Identifying attack patterns for insider threat detection. Comput Fraud Secur. 2015 July 1;2015(7):9–17. doi:10.1016/S1361-3723(15)30066-X.
  • Warren M. Modern IP theft and the insider threat. Comput Fraud Secur. 2015 June 1;2015(6):5–10. doi:10.1016/S1361-3723(15)30056-7.
  • Sun X, Wang Y, Shi Z. Insider threat detection using an unsupervised learning method: copod. 2021 International Conference on Communications, Information System and Computer Engineering (CISCE); 2021 May 14; IEEE. p. 749–54. doi:10.1109/CISCE52179.2021.9445898.
  • Williams AD, Abbott SN, Shoman N, Charlton WS. Results from invoking artificial neural networks to measure insider threat detection & mitigation. Digital Threats: Res Pract (DTRAP). 2021 Oct 22;3(1):1–20. doi:10.1145/3457909.
  • Xuan CD, Huong DT, Nguyen T. A novel intelligent cognitive computing-based APT malware detection for endpoint systems. J Intell Fuzzy Syst. 2022;43(3):1–21. doi:10.3233/JIFS-220233.
  • Butts JW, Mills RF, Peterson GL. A multi discipline approach to mitigating the insider threat. International Conference on Information Warfare and Security (ICIW); 2006 Mar 15–16; Perth, Australia, 2006 Mar.
  • Kandias M, Mylonas A, Virvilis N, Theoharidou M, Gritzalis D. An insider threat prediction model. International Conference on Trust, Privacy and Security in Digital Business; 2010 Aug 30; Berlin, Heidelberg: Springer. p. 26–37. doi:10.1007/978-3-642-15152-1_3.
  • Brdiczka O, Liu J, Price B, Shen J, Patil A, Chow R, Bart E, Ducheneaut N. Proactive insider threat detection through graph learning and psychological context. 2012 IEEE Symposium on Security and Privacy Workshops; 2012 May 24; IEEE. p. 142–49. doi:10.1109/SPW.2012.29.
  • Maasberg M. Insider espionage: recognizing ritualistic behavior by abstracting technical indicators from past cases. Proceedings of the 20th Americas Conference on Information Systems (AMCIS); 2014; Savannah, GA. p. 1–10.
  • Hashem Y, Takabi H, GhasemiGol M, Dantu R. Towards insider threat detection using psycho physiological signals. Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats; 2015 Oct 16. p. 71–74. doi:10.1145/2808783.2808792.
  • Kim Y, Sheldon F. Anomaly detection in multiple scale for insider threat analysis. Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research; 2011 Oct 12. p. 77–80. doi:10.1145/2179298.2179386.
  • Clarke K, Levy Y, Dringus L, Brown S. How workplace satisfaction affects insider threat detection as a vital variable for the mitigation of malicious cyber insiders. Online J Appl Knowl Manage (OJAKM). 2019;7(1):40–52. doi:10.36965/OJAKM.2019.7(1)40-52.
  • Cheh C, Thakore U, Fawaz A, Chen B, Temple WG, Sanders WH. Data-driven model-based detection of malicious insiders via physical access logs. ACM Trans Model Comput Simul (TOMACS). 2019 Nov 18;29(4):1–25. doi:10.1145/3309540.
  • Iraqi O, El Bakkali H. Communizer: a collaborative cloud-based self-protecting software communities framework-Focus on the alert coordination system. Comput Secur. 2022 June 1;117:102692. doi:10.1016/j.cose.2022.102692.
  • Li W, Tian F, Li J, Xiang Y. Evaluating intrusion sensitivity allocation with supervised learning in collaborative intrusion detection. Concurrency Comput. 2022 July 25;34(16). doi:10.1002/cpe.5957.
  • Wang C, Zhu H. Wrongdoing monitor: a graph-based behavioral anomaly detection in cyber security. IEEE Trans Inf Forensics Secur. 2022 July 15;17:2703–18. doi:10.1109/TIFS.2022.3191493.
  • Liu Y, Corbett C, Chiang K, Archibald R, Mukherjee B, Ghosal D. Detecting sensitive data exfiltration by an insider attack. Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research: Developing Strategies to Meet the Cyber Security and Information Intelligence Challenges Ahead; 2008 May 12. p. 1–3. doi:10.1145/1413140.1413159.
  • Bertino E, Ghinita G. Towards mechanisms for detection and prevention of data exfiltration by insiders: keynote talk paper. Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security; 2011 Mar 22. p. 10–19. doi:10.1145/1966913.1966916.
  • Ramachandran R, Neelakantan S, Bidyarthy AS. Behavior model for detecting data exfiltration in network environment. 2011 IEEE 5th International Conference on Internet Multimedia Systems Architecture and Application; 2011 Dec 12; IEEE. p. 1–5. doi:10.1109/IMSAA.2011.6156340.
  • Ambre A, Shekokar N. Insider threat detection using log analysis and event correlation. Procedia Comput Sci. 2015 Jan 1;45:436–45. doi:10.1016/j.procs.2015.03.175.
  • Zhang T, Zhao P. Insider threat identification system model based on rough set dimensionality reduction. 2010 Second World Congress on Software Engineering; 2010 Dec 19; IEEE. Vol. 2, p. 111–14. doi:10.1109/WCSE.2010.106.
  • Tapiador JE, Clark JA. Information-theoretic detection of masquerade mimicry attacks. 2010 Fourth International Conference on Network and System Security; 2010 Sept 1; IEEE. p. 183–90. doi:10.1109/NSS.2010.55.
  • Ben Salem M, Stolfo SJ. Decoy document deployment for effective masquerade attack detection. International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment; 2011 July 7; Berlin, Heidelberg: Springer. p. 35–54. doi:10.1007/978-3-642-22424-9_3.
  • Bowen BM, Hershkop S, Keromytis AD, Stolfo SJ. Baiting inside attackers using decoy documents. International Conference on Security and Privacy in Communication Systems; 2009 Sept 14; Berlin, Heidelberg: Springer. p. 51–70. doi:10.1007/978-3-642-05284-2_4.
  • Bowen BM, Salem MB, Keromytis AD, Stolfo SJ. Monitoring technologies for mitigating insider threats. In: Insider threats in cyber security. Boston, MA: Springer; 2010. p. 197–217. doi:10.1007/978-1-4419-7133-3_9.
  • Rashid T, Agrafiotis I, Nurse JR. A new take on detecting insider threats: exploring the use of hidden markov models. Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats; 2016 Oct 28. p. 47–56. doi:10.1145/2995959.2995964.
  • Legg PA, Buckley O, Goldsmith M, Creese S. Automated insider threat detection system using user and role-based profile assessment. IEEE Syst J. 2015 June 17;11(2):503–12. doi:10.1109/JSYST.2015.2438442.
  • Legg PA, Buckley O, Goldsmith M, Creese S. Caught in the act of an insider attack: detection and assessment of insider threat. 2015 IEEE International Symposium on Technologies for Homeland Security (HST); 2015 Apr 14; IEEE. p. 1–6. doi:10.1109/THS.2015.7446229.
  • Sasaki T. Towards detecting suspicious insiders by triggering digital data sealing. 2011 Third International Conference on Intelligent Networking and Collaborative Systems; 2011 Nov 30; IEEE. p. 637–42. doi:10.1109/INCoS.2011.157.
  • Brancik K, Ghinita G. The optimization of situational awareness for insider threat detection. Proceedings of the First ACM Conference on Data and Application Security and Privacy; 2011 Feb 21. p. 231–36. doi:10.1145/1943513.1943544.
  • Chen Y, Nyemba S, Zhang W, Malin B. Leveraging social networks to detect anomalous insider actions in collaborative environments. Proceedings of 2011 IEEE International Conference on Intelligence and Security Informatics; 2011 July 10; IEEE. p. 119–24. doi:10.1109/ISI.2011.5984061.
  • Corney M, Mohay G, Clark A. Detection of anomalies from user profiles generated from system logs. Proceedings of the Ninth Australasian Information Security Conference; Perth, Australia, 2011; Australian Computer Society. p. 23–31.
  • Manadhata P, Yadav S, Rao P, Horne W. Detecting malicious domains via graph inference. Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop; 2014 Nov 7. p. 59–60. doi:10.1145/2666652.2666659.
  • Mathew S, Upadhyaya S, Ha D, Ngo HQ. Insider abuse comprehension through capability acquisition graphs. 2008 11th International Conference on Information Fusion; Cologne, Germany, 2008 June 30; IEEE. p. 1–8.
  • Peng J, Feng C, Qiao H, Rozenblit J. An event-driven architecture for fine grained intrusion detection and attack aftermath mitigation. 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems (ECBS’07); 2007 Mar 26; IEEE. p. 55–62. doi:10.1109/ECBS.2007.18.
  • Ambili KN, Jose J. Trust based intrusion detection system to detect insider attacks in IoT systems. In: Information science and applications. Singapore: Springer; 2020. p. 631–38. doi:10.1007/978-981-15-1465-4_62.
  • Ajayi O, Saadawi T. Detecting insider attacks in blockchain networks. 2021 International Symposium on Networks, Computers and Communications (ISNCC); 2021; IEEE. p. 1–7. doi:10.1109/ISNCC52172.2021.9615799.
  • Gurung G, Bendiab G, Shiaele M, Shiaeles S. CIDS: collaborative intrusion detection system using blockchain technology. 2022 IEEE International Conference on Cyber Security and Resilience (CSR); 2022 July 27; IEEE. p. 125–30. doi:10.1109/CSR54599.2022.9850331.
  • Li W, Meng W, Parra-Arnau J, Choo KK. Enhancing challenge-based collaborative intrusion detection against insider attacks using spatial correlation. 2021 IEEE Conference on Dependable and Secure Computing (DSC); 2021 Jan 30; IEEE. p. 1–8. doi:10.1109/DSC49826.2021.9346232.
  • Li W, Wang Y, Li J, Au MH. Toward a blockchain-based framework for challenge-based collaborative intrusion detection. Int J Inf Secur. 2021 Apr;20(2):127–39. doi:10.1007/s10207-020-00488-6.
  • Makhdoom I, Hayawi K, Kaosar M, Mathew SS, Ho PH. D2Gen: a decentralized device genome based integrity verification mechanism for collaborative intrusion detection systems. IEEE Access. 2021 Oct 4;9:137260–80. doi:10.1109/ACCESS.2021.3117938.
  • Guerber C, Royer M, Larrieu N. Machine learning and software defined network to secure communications in a swarm of drones. J Inf Secur Appl. 2021 Sept 1;61:102940. doi:10.1016/j.jisa.2021.102940.
  • Kantzavelou I, Maglaras L, Tzikopoulos PF, Katsikas S. A multiplayer game model to detect insiders in wireless sensor networks. PeerJ Comput Sci. 2022 Jan 20;8:e791. doi:10.7717/PEERJ-CS.791.
  • Gracy Theresa W, Prakash M, Betina Antony J. Multicast on-route cluster propagation using to identify the network intrusion detection system in mobile ad hoc network. Int J Commun Syst. 2021 July 25;34(11):e4850. doi:10.1002/dac.4850.
  • Talukdar MI, Hassan R, Hossen MS, Ahmad K, Qamar F, Ahmed AS. Performance improvements of AODV by black hole attack detection using IDS and digital signature. Wireless Commun Mobile Comput. 2021 Mar 2;2021:1–13. doi:10.1155/2021/6693316.
  • Dutta AK, Negi R, Shukla SK. Robust multivariate anomaly-based intrusion detection system for cyber-physical systems. In: International Symposium on Cyber Security Cryptography and Machine Learning. Cham: Springer; 2021 July 8. p. 86–93. doi:10.1007/978-3-030-78086-9_6.
  • Singh A, Chatterjee K, Satapathy SC. TrIDS: an intelligent behavioural trust based IDS for smart healthcare system. Cluster Comput. 2022 May;23:1–23. doi:10.1007/s10586-022-03614-2.
  • Kumar A, Abhishek K, Liu X, Haldorai A. An efficient privacy-preserving id centric authentication in iot based cloud servers for sustainable smart cities. Wireless Pers Commun. 2021 Apr;117(4):3229–53. doi:10.1007/s11277-020-07979-8.
  • Saipriya T, Anand M. To secure IoT sensor nodes through Fog computing. 2021 Second International Conference on Electronics and Sustainable Communication Systems (ICESC); 2021 Aug 4; IEEE. p. 836–44. doi:10.1109/ICESC51422.2021.9532693.
  • Choi B, Cho K. Detection of insider attacks to the web server. J Wirel Mob Networks Ubiquitous Comput Dependable Appl. 2012 Dec;3(4):35–45. doi:10.22667/JOWUA.2012.12.31.035.
  • Maloof MA, Stephens GD. Elicit: a system for detecting insiders who violate need-to-know. In: International workshop on recent advances in intrusion detection. Berlin, Heidelberg: Springer; 2007 Sept 5. p. 146–66. doi:10.1007/978-3-540-74320-0_8.
  • Lee BK, Yang SH, Kwon DH, Kim DY. PGNIDS (Pattern-Graph based network intrusion detection system) design. International Conference on Computational Science and Its Applications; 2006 May 8; Berlin, Heidelberg: Springer. p. 38–47. doi:10.1007/11751595_5.
  • Kannadiga P, Zulkernine M, Haque A. E-NIPS: an event-based network intrusion prediction system. International Conference on Information Security; 2007 Oct 9; Berlin, Heidelberg: Springer. p. 37–52. doi:10.1007/978-3-540-75496-1_3.
  • Suganthi S, Aramudhan M. Fuzzy based response and avoidance technique for DDoS attacks in WLAN. Int J Appl Eng Res. 2016;11(2):1548–55. doi:10.1504/IJMNDI.2016.079002.
  • Das A. Design and development of an efficient network intrusion detection system using ensemble machine learning techniques for Wifi environments. Int J Adv Comput Sci Appl. 2022;13(4). doi:10.14569/IJACSA.2022.0130499.
  • Gupta S, Kumar P, Abraham A. A profile based network intrusion detection and prevention system for securing cloud environment. Int J Distrib Sens Netw. 2013 Mar 27;9(3):364575. doi:10.1155/2013/364575.
  • Wang H, Liu S, Zhang X. A prediction model of insider threat based on multi-agent. 2006 First International Symposium on Pervasive Computing and Applications; 2006 Aug 3; IEEE. p. 273–78. doi:10.1109/SPCA.2006.297582.
  • Kemmerer RA, Vigna G. Intrusion detection: a brief history and overview. Computer. 2002 Apr;35(4):supl27–30. doi:10.1109/MC.2002.1012428.
  • Myers J, Grimaila MR, Mills RF. Towards insider threat detection using web server logs. Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies; 2009 Apr 13. p. 1–4. doi:10.1145/1558607.1558670.
  • Myers J, Grimaila MR, Mills RF. Adding value to log event correlation using distributed techniques. Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research; 2010 Apr 21. p. 1–4. doi:10.1145/1852666.1852702.
  • Raissi-Dehkordi M, Carr D. A multi-perspective approach to insider threat detection. 2011-MILCOM 2011 Military Communications Conference; 2011 Nov 7; IEEE. p. 1164–69. doi:10.1109/MILCOM.2011.6127457.
  • Liu F, Wen Y, Zhang D, Jiang X, Xing X, Meng D. Log2vec: a heterogeneous graph embedding based approach for detecting cyber threats within enterprise. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security; 2019 Nov 6. p. 1777–94. doi:10.1145/3319535.3363224.
  • Nisha TN, Pramod D. Sequential pattern analysis for event-based intrusion detection. Int J Inf Comput Secur. 2019;11(4/5):476–92. doi:10.1504/IJICS.2019.10023475.
  • Lodi G, Aniello L, Di Luna GA, Baldoni R. An event-based platform for collaborative threats detection and monitoring. Inf Syst. 2014 Jan 1;39:175–95. doi:10.1016/j.is.2013.07.005.
  • Jakobson G, Weissman M, Brenner L, Lafond C, Matheus C. GRACE: building next generation event correlation services. NOMS 2000: 2000 IEEE/IFIP Network Operations and Management Symposium; 2000 Apr 10; IEEE. p. 701–14. doi:10.1109/NOMS.2000.830423.
  • Sailhan F, Bourgeois J. Log-based distributed intrusion detection for hybrid networks. Proceedings of the 4th annual workshop on cyber security and information intelligence research: Developing strategies to meet the cyber security and information intelligence challenges ahead; 2008 May 12. p. 1–3. doi:10.1145/1413140.1413160.
  • Baumgärtner L, Strack C, Hoßbach B, Seidemann M, Seeger B, Freisleben B. Complex event processing for reactive security monitoring in virtualized computer systems. Proceedings of the 9th ACM International Conference on Distributed Event-Based Systems; 2015 June 24. p. 22–33. doi:10.1145/2675743.2771829.
  • Schonlau M, DuMouchel W, Ju WH, Karr AF, Theus M, Vardi Y. Computer intrusion: detecting masquerades. Stat Sci. 2001 Feb;16(1):58–74. doi:10.1214/ss/998929476.
  • Ju WH, Vardi Y. A hybrid high-order Markov chain model for computer intrusion detection. J Comput Graphical Stat. 2001 June 1;10(2):277–95. doi:10.1198/10618600152628068.
  • Pramono YW. Anomaly-based intrusion detection and prevention system on website usage using rule-growth sequential pattern analysis: case study: statistics of Indonesia (BPS) website. 2014 International Conference of Advanced Informatics: Concept, Theory and Application (ICAICTA); 2014 Aug 20; IEEE. p. 203–08. doi:10.1109/ICAICTA.2014.7005941.
  • Wang L, Tan X, Pan J, Xi H. Application of prefixspan* algorithm in malware detection expert system. 2009 First International Workshop on Education Technology and Computer Science; 2009 Mar 7; IEEE; Vol. 3, p. 448–52. doi:10.1109/ETCS.2009.629.
  • Fan Y, Ye Y, Chen L. Malicious sequential pattern mining for automatic malware detection. Expert Syst Appl. 2016 June 15;52:16–25. doi:10.1016/j.eswa.2016.01.002.
  • Wang P, Wang H, Liu M, Wang W. An algorithmic approach to event summarization. In Proceedings of the 2010 ACM SIGMOD International Conference on Management of data; 2010 June 6. p. 183–94. doi:10.1145/1807167.1807189.
  • Berberidis C, Vlahavas I. Detection and prediction of rare events in transaction databases. Int J Artif Intell Tools. 2007 Oct;16(05):829–48. doi:10.1142/S0218213007003564.
  • Kim YH, Park WH. A study on cyber threat prediction based on intrusion detection event for APT attack detection. Multimed Tools Appl. 2014 July;71(2):685–98. doi:10.1007/s11042-012-1275-x.
  • Nisha TN, Pramod D. Sequential event-based detection of network attacks on CSE CIC IDS 2018 data set–application of GSP and IPAM Algorithm. 2022 International Conference on Computing, Communication, Security and Intelligent Systems (IC3SIS); 2022 June 23; IEEE. p. 1–7. doi:10.1109/IC3SIS54991.2022.9885438.
  • Ma S, Hellerstein JL. Mining partially periodic event patterns with unknown periods. Proceedings 17th International Conference on Data Engineering; 2001 Apr 2; IEEE. p. 205–14. doi:10.1109/ICDE.2001.914829.
  • Xu W, Huang L, Fox A, Patterson D, Jordan M. Online system problem detection by mining patterns of console logs. 2009 Ninth IEEE International Conference on Data Mining; 2009 Dec 6; IEEE. p. 588–97. doi:10.1109/ICDM.2009.19.
  • Jindal R, Singh I. Detecting malicious transactions in database using hybrid metaheuristic clustering and frequent sequential pattern mining. Cluster Comput. 2022 June;1:1–23. doi:10.1007/s10586-022-03622-2.
  • Ravinder Reddy R, Ayyappa Reddy K, Madan Kumar C, Ramadevi Y. Detection of network anomaly sequences using deep recurrent neural networks. In: Smart computing techniques and applications. Singapore: Springer; 2021. p. 605–15. doi:10.1007/978-981-16-1502-3_60.
  • Xue A, Hong S, Ju S, Chen W. Application of sequential patterns based on user’s interest in intrusion detection. 2008 IEEE International Symposium on IT in Medicine and Education; 2008 Dec 12; IEEE. p. 1089–93. doi:10.1109/ITME.2008.4744038.
  • Reshamwala A, Mahajan S. Detection of DoS attack time interval sequences on network traffic. 2012 World Congress on Information and Communication Technologies; 2012; IEEE. p. 739–44. doi:10.1109/WICT.2012.6409172.
  • Srikant R, Agrawal R. Mining sequential patterns: generalizations and performance improvements. International Conference on Extending Database Technology; 1996 Mar 25; Berlin, Heidelberg: Springer. p. 1–17. doi:10.1007/BFb0014140.
  • Wuu LC, Hung CH, Chen SF. Building intrusion pattern miner for Snort network intrusion detection system. J Syst Softw. 2007 Oct 1;80(10):1699–715. doi:10.1016/j.jss.2006.12.546.
  • Bahareth FA, Bamasak OO. Constructing attack scenario using sequential pattern mining with correlated candidate sequences. Res Bull Jordan ACM. 2013 Apr;II(III):102–08.
  • Yuan E, Malek S. Mining software component interactions to detect security threats at the architectural level. 2016 13th Working IEEE/IFIP Conference on Software Architecture (WICSA); 2016 Apr 5; IEEE. p. 211–20. doi:10.1109/WICSA.2016.12.
  • Azmoodeh A, Dehghantanha A, Choo KK. Robust malware detection for internet of (battlefield) things devices using deep eigenspace learning. IEEE Trans Sustainable Comput. 2018 Feb 26;4(1):88–95. doi:10.1109/TSUSC.2018.2809665.
  • Fernández GC, Xu S. A case study on using deep learning for network intrusion detection. MILCOM 2019-2019 IEEE Military Communications Conference (MILCOM); 2019 Nov 12; IEEE. p. 1–6. doi:10.1109/MILCOM47813.2019.9020824.
  • Elejla OE, Anbar M, Belaton B, Hamouda S. Labeled flow-based dataset of ICMPv6-based DDoS attacks. Neural Comput Appl. 2019 Aug;31(8):3629–46. doi:10.1007/s00521-017-3319-7.
  • Prasad KM, Siva V, Nagamuneiah J, Nelaballi S. An ensemble framework for flow-based application layer DDoS attack detection using data mining techniques. In ICT analysis and applications. Singapore: Springer; 2020. p. 9–19. doi:10.1007/978-981-15-0630-7_2.
  • Bindra N, Sood M. Detecting DDoS attacks using machine learning techniques and contemporary intrusion detection dataset. Autom Control Comput Sci. 2019 Sept;53(5):419–28. doi:10.3103/S0146411619050043.
  • David J, Thomas C. Efficient DDoS flood attack detection using dynamic thresholding on flow-based network traffic. Comput Secur. 2019 May 1;82:284–95. doi:10.1016/j.cose.2019.01.002.
  • Yan Y, Tang D, Zhan S, Dai R, Chen J, Zhu N. Low-rate dos attack detection based on improved logistic regression. 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS); 2019 Aug 10. p. 468–76. doi:10.1109/HPCC/SmartCity/DSS.2019.00076.
  • Elsayed MS, Le-Khac NA, Dev S, Jurcut AD. Machine-learning techniques for detecting attacks in SDN. 2019 IEEE 7th International Conference on Computer Science and Network Technology (ICCSNT); 2019 Oct 19. p. 277–81. doi:10.1109/ICCSNT47585.2019.8962519.
  • Latah M, Toker L. Minimizing false positive rate for DoS attack detection: a hybrid SDN-based approach. ICT Express. 2020 June 1;6(2):125–27. doi:10.1016/j.icte.2019.11.002.
  • Gonzalez-Cuautle D, Hernandez-Suarez A, Sanchez-Perez G, Toscano-Medina LK, Portillo-Portillo J, Olivares-Mercado J, Perez-Meana HM, Sandoval-Orozco AL. Synthetic minority oversampling technique for optimizing classification tasks in botnet and intrusion-detection-system datasets. Appl Sci. 2020 Jan 22;10(3):794. doi:10.3390/app10030794.
  • Koroniotis N, Moustafa N, Sitnikova E, Turnbull B. Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: bot-iot dataset. Future Gener Comput Syst. 2019 Nov 1;100:779–96. doi:10.1016/j.future.2019.05.041.
  • Su L, Yao Y, Lu Z, Liu B. Understanding the influence of graph Kernels on deep learning architecture: a case study of flow-based network attack detection. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE); 2019 Aug 5. p. 312–18. doi:10.1109/TrustCom/BigDataSE.2019.00049.
  • DARPA intrusion detection evaluation. [accessed 2019 Mar]. http://www.ll.mit.edu/IST/ideval/data/dataindex.html.
  • CAIDA datasets. [accessed 2019 Mar 13]. http://www.caida.org/data/statistics/all-data.xml.
  • KDD Cup 1999 datasets. [accessed 2019 Apr 20]. http://www.sigkdd.org/kddcup/index.php?section=1999&method=data.
  • NSL-KDD dataset. [accessed 2019 Apr 20]. http://iscx.ca/NSL-KDD.
  • DEF CON Capture the Flag contest (CCTF) datasets. [accessed 2019 Jan 9]. http://cctf.shmoo.com/data/.
  • LBNL/ICSI enterprise tracing project. [accessed 2019 Apr 20]. http://www.icir.org/enterprise-tracing/.
  • Bhuyan MH, Bhattacharyya DK, Kalita JK. Towards generating real-life datasets for network intrusion detection. Int J Netw Secur. 2015 Nov 1;17(6):683–701.
  • Nehinbe JO. A critical evaluation of datasets for investigating IDSs and IPSs researches. 2011 IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS); 2011 Sept 1; IEEE. p. 92–97. doi:10.1109/CIS.2011.6169141.
  • Senator TE, Goldberg HG, Memory A, Young WT, Rees B, Pierce R, Huang D, Reardon M, Bader DA, Chow E, et al. Detecting insider threats in a real corporate database of computer usage activity. Proceedings of the 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining; 2013 Aug 11. p. 1393–401. doi:10.1145/2487575.2488213.
  • Glasser J, Lindauer B. Bridging the gap: a pragmatic approach to generating insider threat data. 2013 IEEE Security and Privacy Workshops; 2013 May 23; IEEE. p. 98–104. doi:10.1109/SPW.2013.37.