Fusing Heterogeneous Data for Network Asset Classification - A Two-layer Approach
Result identifiers
Result code in IS VaVaI
RIV/63839172:_____/24:10133657 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F24%3A10133657)
Result on the web
http://dx.doi.org/10.1109/NOMS59830.2024.10575154
DOI - Digital Object Identifier
10.1109/NOMS59830.2024.10575154
Alternative languages
Result language
English
Title in original language
Fusing Heterogeneous Data for Network Asset Classification - A Two-layer Approach
Result description in original language
An essential aspect of cybersecurity management is maintaining knowledge of the assets in the protected network. Automated asset discovery and classification can be done using various methods, differing in reliability and the provided type of information. Therefore, deploying multiple methods and combining their results is usually needed - but this is a nontrivial task. In this paper, we describe our case of how we got to the need for such a data fusion method, how we approached it, and we present our solution - a two-layer data fusion method that can effectively fuse multiple heterogeneous and unreliable sources of information about a network device to classify it. The method is based on a combination of expert-written conditions, machine learning from small amounts of data, and the Dempster-Shafer theory of evidence. We evaluate the method on the task of operating system recognition using data from real network traffic and several generated datasets simulating different conditions.
Classification
Type
D - Article in proceedings
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
LM2023054: e-Infrastruktura CZ
Linkages
P - Research and development project financed from public funds (with a link to CEP)
Other
Year of implementation
2024
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Article name in the proceedings
NOMS 2024-2024 IEEE Network Operations and Management Symposium
ISBN
979-8-3503-2793-9
ISSN
2374-9709
e-ISSN
—
Number of pages
6
Pages from-to
1-6
Publisher name
IEEE
Place of publication
Seoul, South Korea
Event location
Seoul, South Korea
Event date
6 May 2024
Event type by nationality
WRD - Worldwide event
UT WoS code of the article
001270140300051