All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Utilising Flow Aggregation to Classify Benign Imitating Attacks

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F21%3A00349700" target="_blank" >RIV/68407700:21230/21:00349700 - isvavai.cz</a>

  • Result on the web

    <a href="https://doi.org/10.3390/s21051761" target="_blank" >https://doi.org/10.3390/s21051761</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.3390/s21051761" target="_blank" >10.3390/s21051761</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Utilising Flow Aggregation to Classify Benign Imitating Attacks

  • Original language description

    Cyber-attacks continue to grow, both in terms of volume and sophistication. This is aided by an increase in available computational power, expanding attack surfaces, and advancements in the human understanding of how to make attacks undetectable. Unsurprisingly, machine learning is utilised to defend against these attacks. In many applications, the choice of features is more important than the choice of model. A range of studies have, with varying degrees of success, attempted to discriminate between benign traffic and well-known cyber-attacks. The features used in these studies are broadly similar and have demonstrated their effectiveness in situations where cyber-attacks do not imitate benign behaviour. To overcome this barrier, in this manuscript, we introduce new features based on a higher level of abstraction of network traffic. Specifically, we perform flow aggregation by grouping flows with similarities. This additional level of feature abstraction benefits from cumulative information, thus qualifying the models to classify cyber-attacks that mimic benign traffic. The performance of the new features is evaluated using the benchmark CICIDS2017 dataset, and the results demonstrate their validity and effectiveness. This novel proposal will improve the detection accuracy of cyber-attacks and also build towards a new direction of feature extraction for complex ones.

  • Czech name

  • Czech description

Classification

  • Type

    J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

  • Continuities

    I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Others

  • Publication year

    2021

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Name of the periodical

    Sensors - Open Access Journal

  • ISSN

    1424-8220

  • e-ISSN

    1424-8220

  • Volume of the periodical

    21

  • Issue of the periodical within the volume

    5

  • Country of publishing house

    CH - SWITZERLAND

  • Number of pages

    17

  • Pages from-to

    1-17

  • UT code for WoS article

    000628600700001

  • EID of the result in the Scopus database

    2-s2.0-85101932116

Similar results(10)

POSTER: Dragging Attackers to Honeypots for Effective Analysis of Cybernetic ThreatsSession-level Adversary Intent-Driven Cyberattack SimulatorFlow-Based Detection of IPv6-specific Network Layer Attacks