Data preprocessing for anomaly based network intrusion detection: A review
作者: Jonathan J. Davis , Andrew J. Clark
DOI: 10.1016/J.COSE.2011.05.008
关键词:
摘要: Data preprocessing is widely recognized as an important stage in anomaly detection. This paper reviews the data techniques used by anomaly-based network intrusion detection systems (NIDS), concentrating on which aspects of traffic are analyzed, and what feature construction selection methods have been used. Motivation for comes from large impact has accuracy capability NIDS. The review finds that many NIDS limit their view to TCP/IP packet headers. Time-based statistics can be derived these headers detect scans, worm behavior, denial service attacks. A number other perform deeper inspection request packets attacks against services applications. More recent approaches analyze full responses targeting clients. covers a wide range NIDS, highlighting classes attack detectable each approaches. found predominantly rely expert domain knowledge identifying most relevant parts constructing initial candidate set features. On hand, automated extraction reduce dimensionality, find subset features this set. shows trend toward construct more through targeted content parsing. These context sensitive required current
acm.org
elsevier.com
core.ac.uk 
sci-hub.se 参考文章(69)
Philip K. Chan, Matthew V. Mahoney, Learning Models of Network Traffic for Detecting Novel Attacks ,(2002)
Felix Naumann, Jens Bleiholder, Data fusion ACM Computing Surveys. ,vol. 41, pp. 1- 41 ,(2009) , 10.1145/1456650.1456651
Joshua Mason, Sam Small, Fabian Monrose, Greg MacManus, English shellcode computer and communications security. pp. 524- 533 ,(2009) , 10.1145/1653662.1653725
Iosif-Viorel Onut, Ali A. Ghorbani, A Feature Classification Scheme For Network Intrusion Detection. International Journal of Network Security. ,vol. 5, pp. 1- 15 ,(2007)
Hisham M. Haddad, Proceedings of the 2006 ACM symposium on Applied computing acm symposium on applied computing. ,(2006)
Levent Ertöz, Aleksandar Lazarevic, Vipin Kumar, Jaideep Srivastava, Aysel Ozgur, A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection. siam international conference on data mining. pp. 25- 36 ,(2003)
Philip K. Chan, Matthew V. Mahoney, PHAD: packet header anomaly detection for identifying hostile network traffic ,(2001)
James P. Early, Carla E. Brodley, Behavioral Features for Network Anomaly Detection Springer, London. pp. 107- 124 ,(2006) , 10.1007/1-84628-253-5_7
Eric E. Bloedorn, Lisa M. Talbot, David D. DeBarr, Data Mining Applied to Intrusion Detection: MITRE Experiences Springer, London. pp. 65- 88 ,(2006) , 10.1007/1-84628-253-5_5
Kanoksri Sarinnapakorn, Mei-Ling Shyu, Shu-Ching Chen, LiWu Chang, A Novel Anomaly Detection Scheme Based on Principal Component Classifier international conference on data mining. pp. 172- 179 ,(2003)