*Learning to Detect Network Intrusion from a Few Labeled Events and Background Traffic

The result's identifiers

  • Result code in IS VaVaI

    RIV/68407700:21230/15:00239400 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F15%3A00239400)

  • Result on the web

  • DOI - Digital Object Identifier

Alternative languages

  • Result language

    English

  • Original language name

    *Learning to Detect Network Intrusion from a Few Labeled Events and Background Traffic

  • Original language description

    *The goal of this research work was to provide an adaptive machine learning model capable of generalizing from an extremely small number of available true attack representatives, with accuracy close to the expert-designed process in an existing intrusion detection system developed by Cisco, called Camnep. To that aim, we first introduced a fast, scalable heuristic procedure for the extraction of generic events from NetFlow traffic. Second, we proposed an enhanced Random-Forest-based learning model that uses the small number of available ground truth samples of particular incident types, with the help of a large number of samples generated from background traffic by the heuristic extraction procedure. The performance of the learned model in identifying intrusions was evaluated against Camnep on the same traffic data, and an interpretative correspondence of the two methods has been analyzed.

  • Czech name

  • Czech description

Classification

  • Type

    V<sub>souhrn</sub> - Summary research report

  • CEP classification

    JC - Computer hardware and software

  • OECD FORD branch

Result continuities

  • Project

  • Continuities

    N - Research activity supported from non-public sources

Others

  • Publication year

    2015

  • Confidentiality

    C - The subject matter of the project is covered by trade secret (§ 504 of the Civil Code), but the project title, the project objectives and, for a completed or terminated project, the evaluation of the project result (data items P03, P04, P15, P19, P29, PN8) supplied to CEP are edited so that they can be published.

Data specific for result type

  • Number of pages

    13

  • Place of publication

    Praha

  • Publisher/client name

    CISCO SYSTEMS (Czech Republic), s.r.o.

  • Version