Skip to main content

Research Repository

Advanced Search

Practical Intrusion Detection of Emerging Threats

Mills, Ryan; Marnerides, Angelos K; Broadbent, Matthew; Race, Nicholas


Ryan Mills

Angelos K Marnerides

Nicholas Race


The Internet of Things (IoT), in combination with advancements in Big Data, communications and networked systems, offers a positive impact across a range of sectors including health, energy, manufacturing and transport. By virtue of current business models adopted by manufacturers and ICT operators, IoT devices are deployed over various networked infrastructures with minimal security, opening up a range of new attack vectors. Conventional rule-based intrusion detection mechanisms used by network management solutions rely on pre-defined attack signatures and hence are unable to identify new attacks. In parallel, anomaly detection solutions tend to suffer from high false positive rates due to the limited statistical validation of ground truth data, which is used for profiling normal network behaviour. In this work we go beyond current solutions and leverage the coupling of anomaly detection and Cyber Threat Intelligence (CTI) with parallel processing for the profiling and detection of emerging cyber attacks. We demonstrate the design, implementation, and evaluation of Citrus: a novel intrusion detection framework which is adept at tackling emerging threats through the collection and labelling of live attack data by utilising diverse Internet vantage points in order to detect and classify malicious behaviour using graph-based metrics as well as a range of machine learning (ML) algorithms. Citrus considers the importance of ground truth data validation and its flexible software architecture enables both the real-time and offline profiling, detection and classification of emerging cyber-attacks under optimal computational costs. Thus, establishing it as a viable and practical solution for next generation network defence and resilience strategies.

Journal Article Type Article
Online Publication Date Jun 22, 2021
Publication Date Mar 1, 2022
Deposit Date Feb 16, 2022
Journal IEEE Transactions on Network and Service Management
Print ISSN 1932-4537
Electronic ISSN 2373-7379
Publisher Institute of Electrical and Electronics Engineers
Peer Reviewed Peer Reviewed
Volume 19
Issue 1
Pages 582-600
Keywords Intrusion Detection, Machine Learning, Cyber Threat Intelligence
Public URL