*Learning to Detect Network Intrusion from a Few Labeled Events and Background Traffic

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F15%3A00239400" target="_blank" >RIV/68407700:21230/15:00239400 - isvavai.cz</a>

Výsledek na webu

—

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

*Learning to Detect Network Intrusion from a Few Labeled Events and Background Traffic

Popis výsledku v původním jazyce

*The goal of this research work was to provide adaptive machine learning model, capable to generalize from an extremely small number of available true attack representatives, with accuracy close to the expert designed process presented in an existing intrusion detection system developed by Cisco, called Camnep. To that aim, we ?rst introduced a fast scalable heuristic procedure for the extraction of generic events from NetFlow tra?c. Second, we proposed an enhanced Random-Forest-based learning model utilizing the small number of available ground truth samples of particular incident types, with the help of a large number of samples generated from background tra?c by the heuristic extraction procedure. The performance of the learned model to identify intrusions was evaluated against Camnep on the same tra?c data, and an interpretative correspondence of the two methods has been analyzed.

Název v anglickém jazyce

*Learning to Detect Network Intrusion from a Few Labeled Events and Background Traffic

Popis výsledku anglicky

*The goal of this research work was to provide adaptive machine learning model, capable to generalize from an extremely small number of available true attack representatives, with accuracy close to the expert designed process presented in an existing intrusion detection system developed by Cisco, called Camnep. To that aim, we ?rst introduced a fast scalable heuristic procedure for the extraction of generic events from NetFlow tra?c. Second, we proposed an enhanced Random-Forest-based learning model utilizing the small number of available ground truth samples of particular incident types, with the help of a large number of samples generated from background tra?c by the heuristic extraction procedure. The performance of the learned model to identify intrusions was evaluated against Camnep on the same tra?c data, and an interpretative correspondence of the two methods has been analyzed.

Druh

V_souhrn - Souhrnná výzkumná zpráva

CEP obor

JC - Počítačový hardware a software

OECD FORD obor

—

Projekt

—

Návaznosti

N - Vyzkumna aktivita podporovana z neverejnych zdroju

Rok uplatnění

2015

Kód důvěrnosti údajů

C - Předmět řešení projektu podléhá obchodnímu tajemství (§ 504 Občanského zákoníku), ale název projektu, cíle projektu a u ukončeného nebo zastaveného projektu zhodnocení výsledku řešení projektu (údaje P03, P04, P15, P19, P29, PN8) dodané do CEP, jsou upraveny tak, aby byly zveřejnitelné.

Počet stran výsledku

13

Místo vydání

Praha

Název nakladatele resp. objednatele

CISCO SYSTEMS (Czech Republic), s.r.o.

Verze

—