Anomaly detection using prior knowledge: application to TCP/IP traffic

This article introduces an approach to anomaly intrusion detection based on a combination of supervised and unsupervised machine learning algorithms. The main objective of this work is an effective modeling of the TCP/IP network traffic of an organization that allows the detection of anomalies with an efficient percentage of false positives for a production environment. The architecture proposed uses a hierarchy of Self-Organizing Maps for traffic modeling combined with Learning Vector Quantization techniques to ultimately classify network packets. The architecture is developed using the known SNORT intrusion detection system to preprocess network traffic. In comparison to other techniques, results obtained in this work show that acceptable levels of compromise between attack detection and false positive rates can be achieved.

Bibliographic Details
Main authors: Couchet, Jorge; Ferreira, Enrique; Manrique, Daniel; Carrascal, Alberto
Format: Conference paper
Language: English
Published: 2006
Subjects: Computer Science; intrusion detection; false positive rates; self-organizing maps; Internet (e.g., TCP/IP); Architectures
Repository: SEDICI (UNLP), Universidad Nacional de La Plata
Online access: http://sedici.unlp.edu.ar/handle/10915/23877