Stream-based machine learning for network security and anomaly detection

Result code in IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F18%3A00324826" target="_blank" >RIV/68407700:21230/18:00324826 - isvavai.cz</a>

Result on the web

<a href="https://dl.acm.org/citation.cfm?id=3229612" target="_blank" >https://dl.acm.org/citation.cfm?id=3229612</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3229607.3229612" target="_blank" >10.1145/3229607.3229612</a>

Result language

angličtina

Original language name

Stream-based machine learning for network security and anomaly detection

Original language description

Data Stream Machine Learning is rapidly gaining popularity within the network monitoring community as the big data produced by network devices and end-user terminals goes beyond the memory constraints of standard monitoring equipment. Critical network monitoring applications such as the detection of anomalies, network attacks and intrusions, require fast and continuous mechanisms for on-line analysis of data streams. In this paper we consider a stream-based machine learning approach for network security and anomaly detection, applying and evaluating multiple machine learning algorithms in the analysis of continuously evolving network data streams. The continuous evolution of the data stream analysis algorithms coming from the data stream mining domain, as well as the multiple evaluation approaches conceived for benchmarking such kind of algorithms makes it difficult to choose the appropriate machine learning model. Results of the different approaches may significantly differ and it is crucial to determine which approach reflects the algorithm performance the best. We therefore compare and analyze the results from the most recent evaluation approaches for sequential data on commonly used batch-based machine learning algorithms and their corresponding stream-based extensions, for the specific problem of on-line network security and anomaly detection. Similar to our previous findings when dealing with off-line machine learning approaches for network security and anomaly detection, our results suggest that adaptive random forests and stochastic gradient descent models are able to keep up with important concept drifts in the underlying network data streams, by keeping high accuracy with continuous re-training at concept drift detection times. 2018 Association for Computing Machinery.

Czech name

—

Czech description

—

Type

D - Article in proceedings

CEP classification

—

OECD FORD branch

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Project

—

Continuities

S - Specificky vyzkum na vysokych skolach

Publication year

2018

Confidentiality

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Article name in the collection

Proceedings of the 2018 Workshop on Big Data Analytics and Machine Learning for Data Communication Networks

ISBN

978-1-4503-5904-7

ISSN

—

e-ISSN

—

Number of pages

7

Pages from-to

1-7

Publisher name

ACM

Place of publication

New York

Event location

Budapest

Event date

Aug 20, 2018

Type of event by nationality

WRD - Celosvětová akce

UT code for WoS article

—