Intrusion Detection Based on Spatiotemporal Characterization of Cyberattacks

by Jiyeon Kim 1,* and Hyong S. Kim 2
1 Center for Software Educational Innovation, Seoul Women’s University, Seoul 01797, Korea
2 Department of Electrical and Computer Engineering, Carnegie Mellon University, Pittsburgh, PA 15213, USA
* Author to whom correspondence should be addressed.
Electronics 2020, 9(3), 460; https://doi.org/10.3390/electronics9030460
Received: 3 December 2019 / Revised: 28 February 2020 / Accepted: 29 February 2020 / Published: 9 March 2020
(This article belongs to the Special Issue Advanced Cybersecurity Services Design)
As attack techniques become more sophisticated, detecting new and advanced cyberattacks with traditional intrusion detection techniques based on signatures and anomalies is becoming challenging. In signature-based detection, not only do attackers bypass known signatures, but they also exploit unknown vulnerabilities. As the number of new signatures increases daily, it is also challenging to scale the detection mechanisms without impacting performance. For anomaly detection, defining normal behaviors is challenging because today’s complex applications have dynamic features. These complex and dynamic characteristics cause many false positives with simple outlier detection. In this work, we detect intrusion behaviors by looking at a number of computing elements together in time and space, whereas most existing intrusion detection systems focus on a single element. In order to define the spatiotemporal intrusion patterns, we look at fundamental behaviors of cyberattacks that should appear in any possible attack. We define these individual behaviors as basic cyberattack actions (BCAs) and develop a stochastic graph model to represent combinations of BCAs in time and space. In addition, we build an intrusion detection system to demonstrate the detection mechanism based on the graph model. We inject numerous known and possible unknown attacks comprising BCAs and show how the system detects these attacks and how to locate the root causes based on the spatiotemporal patterns. The characterization of attacks in spatiotemporal patterns with expected essential behaviors would present a new, effective approach to intrusion detection.
Keywords: intrusion detection; spatiotemporal pattern; cyberattacks; cybersecurity
MDPI and ACS Style

Kim, J.; Kim, H.S. Intrusion Detection Based on Spatiotemporal Characterization of Cyberattacks. Electronics 2020, 9, 460.
