Detecting anomalous network hosts by means of PCA

Authors: Tomas Pevny, Martin Rehak, Martin Grill

DOI: 10.1109/WIFS.2012.6412633

Keywords:

Abstract: This paper focuses on the identification of anomalous hosts within a computer network, with the motivation to detect attacks and/or other unwanted and suspicious traffic. The proposed detection method does not use the content of packets, which enables it to be used on encrypted networks. Moreover, it has very low computational complexity, allowing the fast response that is important for limiting potential damage. It uses entropies of IP addresses and ports to build two complementary models of a host's traffic based on principal component analysis. These models are coupled with two orthogonal anomaly definitions, which gives four different detectors. The methods are evaluated and compared with prior art on a one-week-long capture from a university network. The experiments reveal that no single detector can detect all types of anomalies, which is expected and stresses the importance of an ensemble approach towards intrusion detection.
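The abstract describes the pipeline only in outline: per-host entropy features, a PCA model of normal hosts, and two orthogonal anomaly definitions on top of it. The following is an added illustration of that pipeline, written for this page and not code from the paper or its authors. It assumes a concrete feature vector (entropy of a host's destination IPs, entropy of its destination ports, log2 of its flow count), and it assumes the two anomaly definitions are the standard PCA pair that the cited Jackson and Mudholkar and Lakhina et al. work use: a Hotelling-style T2 score inside the retained principal subspace (a host that is extreme but along the usual directions) and the squared prediction error (SPE, also called Q) in the residual subspace (a host that breaks the usual correlation structure). The paper's actual feature set, thresholds and second "complementary" model are not stated on this page; the second model (for example the same features computed over a host's inbound rather than outbound flows) would be built with the same functions. All flow records below are constructed, and the Jacobi eigen-solver is included only so the example runs without numpy.

```python
"""Added example: per-host entropy features + PCA with T2 / SPE anomaly definitions.
Assumed design for illustration, not the paper's code. Pure Python; no numpy needed."""
import math
from collections import Counter, defaultdict


def entropy(counts):
    """Shannon entropy in bits of a {value: count} mapping (e.g. a Counter)."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def host_features(flows):
    """flows: iterable of (src_host, dst_ip, dst_port). Returns {host: [H(dst ip), H(dst port), log2 #flows]}."""
    per_host = defaultdict(list)
    for src, dip, dport in flows:
        per_host[src].append((dip, dport))
    return {h: [entropy(Counter(d for d, _ in recs)), entropy(Counter(p for _, p in recs)),
                math.log2(len(recs))] for h, recs in per_host.items()}


def symmetric_eig(a, sweeps=50):
    """Cyclic Jacobi eigen-decomposition of a small symmetric matrix.
    Returns [(eigenvalue, eigenvector), ...] sorted by decreasing eigenvalue."""
    n = len(a)
    a = [row[:] for row in a]
    v = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for _ in range(sweeps):
        if sum(a[i][j] ** 2 for i in range(n) for j in range(n) if i != j) < 1e-22:
            break
        for p in range(n - 1):
            for q in range(p + 1, n):
                if abs(a[p][q]) < 1e-300:
                    continue
                theta = (a[q][q] - a[p][p]) / (2.0 * a[p][q])
                t = math.copysign(1.0, theta) / (abs(theta) + math.hypot(theta, 1.0))
                c = 1.0 / math.hypot(t, 1.0)
                s = t * c
                for k in range(n):  # A <- A J   (columns p, q)
                    akp, akq = a[k][p], a[k][q]
                    a[k][p], a[k][q] = c * akp - s * akq, s * akp + c * akq
                for k in range(n):  # A <- J^T A (rows p, q), zeroes a[p][q]
                    apk, aqk = a[p][k], a[q][k]
                    a[p][k], a[q][k] = c * apk - s * aqk, s * apk + c * aqk
                for k in range(n):  # V <- V J   (accumulate eigenvectors)
                    vkp, vkq = v[k][p], v[k][q]
                    v[k][p], v[k][q] = c * vkp - s * vkq, s * vkp + c * vkq
    pairs = [(a[i][i], [v[k][i] for k in range(n)]) for i in range(n)]
    return sorted(pairs, key=lambda e: -e[0])


def fit_pca(rows, var_fraction=0.95):
    """Mean-centre baseline rows and keep the fewest components explaining var_fraction of variance."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    centred = [[r[j] - mean[j] for j in range(d)] for r in rows]
    cov = [[sum(c[i] * c[j] for c in centred) / (n - 1) for j in range(d)] for i in range(d)]
    eig = symmetric_eig(cov)
    total = sum(max(lam, 0.0) for lam, _ in eig)
    k, acc = 0, 0.0
    while k < d and acc < var_fraction * total:
        acc += max(eig[k][0], 0.0)
        k += 1
    return {"mean": mean, "components": [vec for _, vec in eig[:k]], "variances": [lam for lam, _ in eig[:k]]}


def scores(model, x):
    """Return (T2, SPE): energy along the retained components vs. energy the model cannot reconstruct."""
    d = len(x)
    c = [x[j] - model["mean"][j] for j in range(d)]
    t2, proj = 0.0, [0.0] * d
    for u, lam in zip(model["components"], model["variances"]):
        a = sum(u[j] * c[j] for j in range(d))  # coordinate of x along component u
        if lam > 0:
            t2 += a * a / lam
        for j in range(d):
            proj[j] += a * u[j]
    return t2, sum((c[j] - proj[j]) ** 2 for j in range(d))


def thresholds(model, baseline_rows, k_sigma=3.0, floor=1e-6):
    """mean + k_sigma*std of each score on the baseline; the floor stops a perfectly
    reconstructed baseline (SPE ~ 0) from flagging every host as a residual anomaly."""
    def thr(vals):
        m = sum(vals) / len(vals)
        return max(m + k_sigma * math.sqrt(sum((v - m) ** 2 for v in vals) / len(vals)), floor)
    t2s, spes = zip(*(scores(model, r) for r in baseline_rows))
    return thr(t2s), thr(spes)


def detect(baseline_flows, window_flows):
    """Fit on a baseline window of normal hosts, then score every host of a later window twice."""
    baseline = list(host_features(baseline_flows).values())
    model = fit_pca(baseline)
    t2_thr, spe_thr = thresholds(model, baseline)
    out = {}
    for host, x in host_features(window_flows).items():
        t2, spe = scores(model, x)
        out[host] = {"t2": t2, "spe": spe, "extreme": t2 > t2_thr, "residual": spe > spe_thr}
    return out


def synth_flows(host, n_ips, n_ports):
    """Constructed traffic: one flow to each of n_ips addresses, ports cycling over n_ports values."""
    return [(host, f"10.0.{i // 256}.{i % 256}", 1024 + i % n_ports) for i in range(n_ips)]


# Constructed baseline (four ordinary hosts whose IP and port entropies grow together) and a
# constructed test window: a normal desktop, a horizontal scanner (many IPs, one port) and a
# busy but well-behaved proxy (many IPs and many ports, i.e. extreme along the normal direction).
BASELINE_FLOWS = [f for h, n in (("h1", 4), ("h2", 8), ("h3", 16), ("h4", 32)) for f in synth_flows(h, n, n // 2)]
WINDOW_FLOWS = synth_flows("desktop", 16, 8) + synth_flows("scanner", 64, 1) + synth_flows("proxy", 256, 128)

if __name__ == "__main__":
    for host, v in detect(BASELINE_FLOWS, WINDOW_FLOWS).items():
        print(f"{host:8s} T2={v['t2']:7.3f} SPE={v['spe']:7.3f} extreme={v['extreme']} residual={v['residual']}")
```

On the constructed data the two definitions disagree in the way the abstract anticipates: the scanner has a small T2 (its projection onto the normal component is unremarkable) but a large SPE, because high address entropy with zero port entropy is a combination the baseline never produces; the proxy has an SPE of essentially zero but a T2 far above the baseline, because it is simply a much larger instance of normal behaviour. Neither detector alone catches both, which is the practical reason to run them as an ensemble.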

References (11)
Kanoksri Sarinnapakorn, Mei-Ling Shyu, Shu-Ching Chen, LiWu Chang. A Novel Anomaly Detection Scheme Based on Principal Component Classifier. International Conference on Data Mining, pp. 172-179 (2003).
J. Edward Jackson, Govind S. Mudholkar. Control Procedures for Residuals Associated With Principal Component Analysis. Technometrics, vol. 21, pp. 341-349 (1979). DOI: 10.1080/00401706.1979.10489779
Benjamin I. P. Rubinstein, Blaine Nelson, Ling Huang, Anthony D. Joseph, Shing-hon Lau, Satish Rao, Nina Taft, J. D. Tygar. ANTIDOTE. Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement (IMC '09), pp. 1-14 (2009). DOI: 10.1145/1644893.1644895
Baris Coskun, Sven Dietrich, Nasir Memon. Friends of an Enemy: Identifying Local Members of Peer-to-Peer Botnets Using Mutual Contacts. Annual Computer Security Applications Conference, pp. 131-140 (2010). DOI: 10.1145/1920261.1920283
Fernando Silveira, Christophe Diot, Nina Taft, Ramesh Govindan. Detecting Traffic Anomalies Using an Equilibrium Property. Measurement and Modeling of Computer Systems, vol. 38, pp. 377-378 (2010). DOI: 10.1145/1811039.1811095
Martin Rehák, Michal Pechoucek, Martin Grill, Jan Stiborek, Karel Bartos, Pavel Celeda. Adaptive Multiagent System for Network Traffic Monitoring. IEEE Intelligent Systems, vol. 24, pp. 16-25 (2009). DOI: 10.1109/MIS.2009.42
Martin Rehak, Michal Pechoucek, Karel Bartos, Martin Grill, Pavel Celeda. ISABEL: A Multi Agent e-Learning System That Supports Multiple Devices. IEEE/WIC/ACM International Conference on Intelligent Agent Technology, pp. 485-488 (2007). DOI: 10.1109/IAT.2007.67
Anukool Lakhina, Mark Crovella, Christophe Diot. Characterization of Network-Wide Anomalies in Traffic Flows. Internet Measurement Conference, pp. 201-206 (2004). DOI: 10.1145/1028788.1028813
Anukool Lakhina, Mark Crovella, Christophe Diot. Mining Anomalies Using Traffic Feature Distributions. ACM Special Interest Group on Data Communication, vol. 35, pp. 217-228 (2005). DOI: 10.1145/1080091.1080118
D. Brauckhoff, K. Salamatian, M. May. Applying PCA for Traffic Anomaly Detection: Problems and Solutions. International Conference on Computer Communications, pp. 2866-2870 (2009). DOI: 10.1109/INFCOM.2009.5062248