Learning to detect network intrusion from a few labeled events and background traffic

The result's identifiers

  • Result code in IS VaVaI

    RIV/68407700:21230/15:00230961 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F15%3A00230961)

  • Result on the web

    http://dx.doi.org/10.1007/978-3-319-20034-7_9

  • DOI - Digital Object Identifier

    10.1007/978-3-319-20034-7_9

Alternative languages

  • Result language

    English

  • Original language name

    Learning to detect network intrusion from a few labeled events and background traffic

  • Original language description

    Intrusion detection systems (IDS) analyse network traffic data with the goal to reveal malicious activities and incidents. A general problem with learning within this domain is a lack of relevant ground truth data, i.e. real attacks, capturing malicious behaviors in their full variety. Most of existing solutions thus, up to a certain level, rely on rules designed by network domain experts. Although there are advantages to the use of rules, they lack the basic ability of adapting to traffic data. As a result, we propose an ensemble tree bagging classifier, capable of learning from an extremely small number of true attack representatives, and demonstrate that, incorporating a general background traffic, we are able to generalize from those few representatives to achieve competitive results to the expert designed rules used in existing IDS Camnep.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

    JC - Computer hardware and software

  • OECD FORD branch

Result continuities

  • Project

  • Continuities

    S - Specific research at universities

Others

  • Publication year

    2015

  • Confidentiality

    S - Complete and truthful data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    Intelligent Mechanisms for Network Configuration and Security

  • ISBN

    978-3-319-20033-0

  • ISSN

    0302-9743

  • e-ISSN

  • Number of pages

    14

  • Pages from-to

    73-86

  • Publisher name

    Springer International Publishing

  • Place of publication

    Cham

  • Event location

    Ghent

  • Event date

    Jun 22, 2015

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article

    000363692200009