Similarity as a central approach to flow-based anomaly detection

The result's identifiers

  • Result code in IS VaVaI

    RIV/00216224:14610/14:00076011 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F14%3A00076011)

  • Result on the web

    http://dx.doi.org/10.1002/nem.1867

  • DOI - Digital Object Identifier

    10.1002/nem.1867 (http://dx.doi.org/10.1002/nem.1867)

Alternative languages

  • Result language

    English

  • Original language name

    Similarity as a central approach to flow-based anomaly detection

  • Original language description

    Network flow monitoring is currently a common practice in mid and large-size networks. Methods of flow-based anomaly detection are subject to ongoing extensive research, because detection methods based on deep packet inspection have reached their limits. However, there is a lack of comprehensive studies mapping the state of the art in this area. For this reason, we have conducted a thorough survey of flow-based anomaly detection methods published on academic conferences and used by the industry. We have analyzed these methods using the perspective of similarity which is inherent to any anomaly detection method. Based on this analysis, we have proposed a new taxonomy of network anomalies and a similarity-oriented classification of flow-based detection methods. We have also identified four issues requiring further research: the lack of flow-based evaluation data sets, infeasible benchmarking of proposed methods, excessive false positive rate, and limited coverage of certain anomaly class

  • Czech name

  • Czech description

Classification

  • Type

    Jx - Unclassified - Peer-reviewed scientific article (Jimp, Jsc and Jost)

  • CEP classification

    IN - Informatics

  • OECD FORD branch

Result continuities

  • Project

  • Continuities

    I - Institutional support for the long-term conceptual development of a research organization

Others

  • Publication year

    2014

  • Confidentiality

    S - Complete and true data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Name of the periodical

    International Journal of Network Management

  • ISSN

    1055-7148

  • e-ISSN

  • Volume of the periodical

    24

  • Issue of the periodical within the volume

    4

  • Country of publishing house

    US - UNITED STATES

  • Number of pages

    19

  • Pages from-to

    318-336

  • UT code for WoS article

    000339479100008

  • EID of the result in the Scopus database