Detecting anomalous network hosts by means of PCA

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F12%3A00200192" target="_blank" >RIV/68407700:21230/12:00200192 - isvavai.cz</a>

Výsledek na webu

—

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Detecting anomalous network hosts by means of PCA

Popis výsledku v původním jazyce

Abstract--- This paper focuses on the identification of anomalous hosts within a computer network with the motivation to detect attacks and/or other unwanted and suspicious traffic. The proposed detection method does not use content of packets, which enables the method to be used on encrypted networks. Moreover, the method has very low computational complexity allowing fast detection and response important for limitation of potential damages. Abstract--- The proposed method uses entropies of IP addresses and ports to build two complementary models of host's traffic based on principal component analysis. These two models are coupled with two orthogonal anomaly definitions, which gives four different detectors. Abstract--- The methods are evaluated and compared to prior art on one week long capture of traffic on university network. The experiments reveals that no single detector can detect all types of anomalies, which is expected and stresses the importance of ensemble approach towards

Název v anglickém jazyce

Detecting anomalous network hosts by means of PCA

Popis výsledku anglicky

Abstract--- This paper focuses on the identification of anomalous hosts within a computer network with the motivation to detect attacks and/or other unwanted and suspicious traffic. The proposed detection method does not use content of packets, which enables the method to be used on encrypted networks. Moreover, the method has very low computational complexity allowing fast detection and response important for limitation of potential damages. Abstract--- The proposed method uses entropies of IP addresses and ports to build two complementary models of host's traffic based on principal component analysis. These two models are coupled with two orthogonal anomaly definitions, which gives four different detectors. Abstract--- The methods are evaluated and compared to prior art on one week long capture of traffic on university network. The experiments reveals that no single detector can detect all types of anomalies, which is expected and stresses the importance of ensemble approach towards

Druh

D - Stať ve sborníku

CEP obor

BB - Aplikovaná statistika, operační výzkum

OECD FORD obor

—

Projekt

Výsledek vznikl pri realizaci vícero projektů. Více informací v záložce Projekty.

Návaznosti

V - Vyzkumna aktivita podporovana z jinych verejnych zdroju

Rok uplatnění

2012

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of IEEE Workshop on Informations Forensics and Security

ISBN

978-1-4673-2285-0

ISSN

—

e-ISSN

—

Počet stran výsledku

4

Strana od-do

103-106

Název nakladatele

IEEE

Místo vydání

Piscataway

Místo konání akce

Tenerife

Datum konání akce

2. 12. 2012

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000314476200018