Similarity as a central approach to flow-based anomaly detection
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F14%3A00076011" target="_blank" >RIV/00216224:14610/14:00076011 - isvavai.cz</a>
Result on the web
<a href="http://dx.doi.org/10.1002/nem.1867" target="_blank" >http://dx.doi.org/10.1002/nem.1867</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1002/nem.1867" target="_blank" >10.1002/nem.1867</a>
Alternative languages
Result language
English
Title in original language
Similarity as a central approach to flow-based anomaly detection
Description of the result in original language
Network flow monitoring is currently a common practice in mid- and large-size networks. Methods of flow-based anomaly detection are subject to ongoing extensive research, because detection methods based on deep packet inspection have reached their limits. However, there is a lack of comprehensive studies mapping the state of the art in this area. For this reason, we have conducted a thorough survey of flow-based anomaly detection methods published at academic conferences and used by the industry. We have analyzed these methods using the perspective of similarity, which is inherent to any anomaly detection method. Based on this analysis, we have proposed a new taxonomy of network anomalies and a similarity-oriented classification of flow-based detection methods. We have also identified four issues requiring further research: the lack of flow-based evaluation data sets, infeasible benchmarking of proposed methods, excessive false positive rate, and limited coverage of certain anomaly class
Title in English
Similarity as a central approach to flow-based anomaly detection
Classification
Type
J<sub>x</sub> - Unclassified - Article in a professional journal (Jimp, Jsc and Jost)
CEP field
IN - Informatics
OECD FORD field
—
Result linkages
Project
—
Linkages
I - Institutional support for the long-term conceptual development of a research organisation
Other
Year of publication
2014
Data confidentiality code
S - Complete and truthful data on the project are not subject to protection under special legal regulations
Data specific to the result type
Journal name
International Journal of Network Management
ISSN
1055-7148
e-ISSN
—
Journal volume
24
Issue number within the volume
4
Country of the journal publisher
US - United States of America
Number of pages
19
Pages from-to
318-336
UT WoS code of the article
000339479100008
EID of the result in the Scopus database
—