Learning to detect network intrusion from a few labeled events and background traffic

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F15%3A00230961" target="_blank" >RIV/68407700:21230/15:00230961 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1007/978-3-319-20034-7_9" target="_blank" >http://dx.doi.org/10.1007/978-3-319-20034-7_9</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-319-20034-7_9" target="_blank" >10.1007/978-3-319-20034-7_9</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Learning to detect network intrusion from a few labeled events and background traffic

Popis výsledku v původním jazyce

Intrusion detection systems (IDS) analyse network traffic data with the goal to reveal malicious activities and incidents. A general problem with learning within this domain is a lack of relevant ground truth data, i.e. real attacks, capturing maliciousbehaviors in their full variety. Most of existing solutions thus, up to a certain level, rely on rules designed by network domain experts. Although there are advantages to the use of rules, they lack the basic ability of adapting to traffic data. As a result, we propose an ensemble tree bagging classifier, capable of learning from an extremely small number of true attack representatives, and demonstrate that, incorporating a general background traffic, we are able to generalize from those few representatives to achieve competitive results to the expert designed rules used in existing IDS Camnep.

Název v anglickém jazyce

Learning to detect network intrusion from a few labeled events and background traffic

Popis výsledku anglicky

Intrusion detection systems (IDS) analyse network traffic data with the goal to reveal malicious activities and incidents. A general problem with learning within this domain is a lack of relevant ground truth data, i.e. real attacks, capturing maliciousbehaviors in their full variety. Most of existing solutions thus, up to a certain level, rely on rules designed by network domain experts. Although there are advantages to the use of rules, they lack the basic ability of adapting to traffic data. As a result, we propose an ensemble tree bagging classifier, capable of learning from an extremely small number of true attack representatives, and demonstrate that, incorporating a general background traffic, we are able to generalize from those few representatives to achieve competitive results to the expert designed rules used in existing IDS Camnep.

Druh

D - Stať ve sborníku

CEP obor

JC - Počítačový hardware a software

OECD FORD obor

—

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2015

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Intelligent Mechanisms for Network Configuration and Security

ISBN

978-3-319-20033-0

ISSN

0302-9743

e-ISSN

—

Počet stran výsledku

14

Strana od-do

73-86

Název nakladatele

Springer International Publishing

Místo vydání

Cham

Místo konání akce

Ghent

Datum konání akce

22. 6. 2015

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000363692200009