Learning Rules and Clusters for Anomaly Detection in Network Traffic

Authors: Philip K. Chan, Matthew V. Mahoney, Muhammad H. Arshad

DOI: 10.1007/0-387-24230-9_3

Keywords: Artificial intelligence; Signature (logic); Computer science; Pattern recognition; Intrusion detection system; Construct (python library); Outlier; Machine learning; Cluster analysis; Signature detection; Anomaly detection

Abstract: Much of the intrusion detection research focuses on signature (misuse) detection, where models are built to recognize known attacks. However, signature detection, by its nature, cannot detect novel attacks. Anomaly detection focuses on modeling normal behavior and identifying significant deviations, which could be novel attacks. In this chapter we explore two machine learning methods that can construct anomaly detection models from past behavior. The first method is a rule learning algorithm that characterizes normal behavior in the absence of labeled attack data. The second method uses a clustering algorithm to identify outliers.
