Practical Intrusion Detection of Emerging Threats

Mills, Ryan and Marnerides, Angelos and Broadbent, Matthew and Race, Nicholas (2022) Practical Intrusion Detection of Emerging Threats. IEEE Transactions on Network and Service Management, 19 (1). pp. 582-600. ISSN 1932-4537

[thumbnail of Practical_Intrusion_Detection_of_Emerging_Threats_Accepted_Version]
Text (Practical_Intrusion_Detection_of_Emerging_Threats_Accepted_Version)
TNSM_Paper_Accepted_Version.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.

Download (3MB)


The Internet of Things (IoT), in combination with advancements in Big Data, communications and networked systems, offers a positive impact across a range of sectors including health, energy, manufacturing and transport. By virtue of current business models adopted by manufacturers and ICT operators, IoT devices are deployed over various networked infrastructures with minimal security, opening up a range of new attack vectors. Conventional rule-based intrusion detection mechanisms used by network management solutions rely on pre-defined attack signatures and hence are unable to identify new attacks. In parallel, anomaly detection solutions tend to suffer from high false positive rates due to the limited statistical validation of ground truth data, which is used for profiling normal network behaviour. In this work we go beyond current solutions and leverage the coupling of anomaly detection and Cyber Threat Intelligence (CTI) with parallel processing for the profiling and detection of emerging cyber attacks. We demonstrate the design, implementation, and evaluation of Citrus: a novel intrusion detection framework which is adept at tackling emerging threats through the collection and labelling of live attack data by utilising diverse Internet vantage points in order to detect and classify malicious behaviour using graph-based metrics as well as a range of machine learning (ML) algorithms. Citrus considers the importance of ground truth data validation and its flexible software architecture enables both the real-time and offline profiling, detection and classification of emerging cyber-attacks under optimal computational costs. Thus, establishing it as a viable and practical solution for next generation network defence and resilience strategies.

Item Type:
Journal Article
Journal or Publication Title:
IEEE Transactions on Network and Service Management
Additional Information:
©2021 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Uncontrolled Keywords:
?? intrusion detectionmachine learningcyber threat intelligencecomputer networks and communicationselectrical and electronic engineering ??
ID Code:
Deposited By:
Deposited On:
14 Jun 2021 08:05
Last Modified:
17 Jun 2024 00:02