Iraqi Publishes in Security and Communication Networks Journal
Mr. Omar Iraqi, Computer Science faculty at the School of Science and Engineering recently published an article titled "Application-Level Unsupervised Outlier-Based Intrusion Detection and Prevention" in Security and Communication Networks Journal:
As cyber threats are permanently jeopardizing individuals’ privacy and organizations’ security, there have been several efforts to empower software applications with built-in immunity. In this paper, we present our approach to immune applications through application-level, unsupervised, outlier-based intrusion detection and prevention. Our framework allows tracking application domain objects all along the processing lifecycle. It also leverages the application business context and learns from production data, without creating any training burden on the application owner. Moreover, as our framework uses runtime application instrumentation, it incurs no additional cost on the application provider. We build a fine-grained and rich-feature application behavioral model that gets down to the method level and its invocation context. We define features to be independent from the variable structure of method invocation parameters and returned values, while preserving security-relevant information. We implemented our framework in a Java environment and evaluated it on a widely-used, enterprise-grade, and open-source ERP. We tested several unsupervised outlier detection algorithms and distance functions. Our framework achieved the best results in terms of effectiveness using the Local Outlier Factor algorithm and the Clark distance, while the average instrumentation overhead per intercepted call remains acceptable.
You can read the article here: https://www.hindawi.com/journals/scn/2019/8368473/