Are Network Attacks Outliers? A Study of Space Representations and Unsupervised Algorithms

Authors: Félix Iglesias, Alexander Hartl, Tanja Zseby, Arthur Zimek

DOI: 10.1007/978-3-030-43887-6_13

Keywords:

Abstract: Among network analysts, "anomaly" and "outlier" are terms commonly associated with attacks. Attacks are outliers (or anomalies) in the sense that they exploit communication protocols with novel infiltration techniques against which there are no defenses yet. But due to the dynamic and heterogeneous nature of network traffic, attacks may look like normal traffic variations. Also, attackers try to make attacks indistinguishable from normal traffic. Then, are attacks actual anomalies? This paper tries to answer this important question from analytical perspectives. To this end, we test the outlierness of attacks in a recent, complete dataset for evaluating intrusion detection by using five different feature vectors for traffic representation and several outlier ranking algorithms. In addition, we craft a new feature vector that maximizes the discrimination power of outlierness. Results show that attacks are significantly more outlying than legitimate traffic, especially in representations that profile network endpoints, although attack and non-attack distributions strongly overlap. Given that network spaces are noisy and show density variations in non-attack regions, algorithms that measure outlierness locally are less effective than those based on global distance estimations. Our research confirms that unsupervised methods are suitable for attack detection, but also that they must be combined with methods that leverage pre-knowledge to prevent high false positive rates. Our findings expand the basis for using unsupervised methods in attack detection.
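The evaluation the abstract describes (feature vectors that profile endpoints, outlier ranking, comparison of local density scores with global distance scores against attack labels) can be reproduced in miniature. The following is an added example written for this page, not the paper's code or dataset: the endpoint-profile feature set (`n_flows`, `distinct_dst_ports`, `distinct_dst_ips`, `mean_bytes`, `mean_pkts`), the constructed host population and the `k=5` neighbourhood are assumptions made for illustration. It scores each host with a global k-NN distance and with the Local Outlier Factor, then measures ranking quality with ROC-AUC, which is the natural metric for an outlier ranking rather than a fixed threshold.

```python
# Added example, not code from the paper: rank hosts by outlierness with a
# global score (distance to the k-th nearest neighbour) and a local score (LOF),
# then measure how well each ranking separates attack hosts from legitimate
# ones with ROC-AUC. The endpoint-profile features and the host data are
# assumptions constructed here for illustration; they are not the paper's.
import math
import random

# Hypothetical endpoint-profile vector, one row per source host.
FEATURES = ("n_flows", "distinct_dst_ports", "distinct_dst_ips",
            "mean_bytes", "mean_pkts")


def make_endpoints(seed=7):
    """Constructed data: 40 ordinary clients, 3 port scanners and one
    bulk-transfer host. Returns (feature rows, is_attack labels)."""
    rng = random.Random(seed)
    rows, labels = [], []
    for _ in range(40):  # few ports, a handful of peers, mid-sized flows
        rows.append([rng.randint(20, 60), rng.randint(1, 3), rng.randint(1, 5),
                     rng.uniform(500, 5000), rng.uniform(5, 40)])
        labels.append(False)
    for _ in range(3):   # scanner: hundreds of ports, one-packet flows
        rows.append([rng.randint(280, 320), rng.randint(240, 260), 1,
                     rng.uniform(50, 70), 1.0])
        labels.append(True)
    rows.append([10, 1, 1, 2.0e6, 2000.0])  # bulk transfer to a single peer
    labels.append(True)
    return rows, labels


def zscore(rows):
    """Standardise each feature so no single unit dominates the distances."""
    cols = list(zip(*rows))
    mu = [sum(c) / len(c) for c in cols]
    sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
          for c, m in zip(cols, mu)]
    return [[(v - m) / s for v, m, s in zip(r, mu, sd)] for r in rows]


def dist_matrix(points):
    """Pairwise Euclidean distances in the standardised feature space."""
    return [[math.dist(a, b) for b in points] for a in points]


def knn_info(D, k):
    """For every point: (indices of its k nearest other points, k-distance)."""
    info = []
    for i, row in enumerate(D):
        nbrs = sorted((j for j in range(len(row)) if j != i),
                      key=lambda j: row[j])[:k]
        info.append((nbrs, row[nbrs[-1]]))
    return info


def knn_distance_scores(D, k=5):
    """Global outlier score: distance to the k-th nearest neighbour."""
    return [kdist for _, kdist in knn_info(D, k)]


def lof_scores(D, k=5):
    """Local Outlier Factor (Breunig et al. 2000): a point's reachability
    density compared with that of its neighbours; about 1 means 'as dense
    as the neighbourhood', larger means more outlying."""
    info = knn_info(D, k)

    def reach_dist(a, b):
        return max(info[b][1], D[a][b])

    lrd = []
    for a, (nbrs, _) in enumerate(info):
        mean_reach = sum(reach_dist(a, b) for b in nbrs) / k
        lrd.append(1.0 / max(mean_reach, 1e-12))  # guard exact duplicates
    return [sum(lrd[b] for b in nbrs) / (k * lrd[a])
            for a, (nbrs, _) in enumerate(info)]


def roc_auc(scores, labels):
    """Probability that a random attack outscores a random legitimate host
    (ties count one half); 1.0 is a perfect ranking, 0.5 is chance."""
    pos = [s for s, l in zip(scores, labels) if l]
    neg = [s for s, l in zip(scores, labels) if not l]
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0
               for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


def evaluate(k=5, seed=7):
    """Score the constructed hosts with both methods and report ranking
    quality plus which hosts each method ranks highest."""
    rows, labels = make_endpoints(seed)
    D = dist_matrix(zscore(rows))
    n_attack = sum(labels)
    result = {}
    for name, scores in (("knn", knn_distance_scores(D, k)),
                         ("lof", lof_scores(D, k))):
        top = sorted(range(len(scores)), key=lambda i: -scores[i])[:n_attack]
        result[name + "_auc"] = roc_auc(scores, labels)
        result[name + "_top"] = sorted(top)
    return result


if __name__ == "__main__":
    for key, val in evaluate().items():
        print(key, val)
```

On this constructed population the scanners and the bulk-transfer host sit far from the client cloud in standardised space, so the global k-NN distance ranks them first. The local score is where the abstract's caveat shows: because the three scanners form their own small dense cluster and the client cloud itself has uneven density, LOF compares each host only with its immediate neighbourhood, and its ranking depends on how `k` relates to the size of that attacker cluster. Raising the number of scanners above `k`, or adding noise to the client features, is the quickest way to see a local score lose ground to the global one, which is the effect the abstract reports for noisy traffic spaces.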
