
A Comparative Study of Unsupervised Anomaly Detection Techniques Using Honeypot Data


Abstract

Intrusion Detection Systems (IDS) have received considerable attention among network security researchers as one of the most promising countermeasures to defend our crucial computer systems or networks against attackers on the Internet. Over the past few years, many machine learning techniques have been applied to IDSs so as to improve their performance and to construct them with low cost and effort. Especially, unsupervised anomaly detection techniques have a significant advantage in their capability to identify unforeseen attacks, i.e., 0-day attacks, and to build intrusion detection models without any labeled (i.e., pre-classified) training data in an automated manner. In this paper, we conduct a set of experiments to evaluate and analyze the performance of the major unsupervised anomaly detection techniques using real traffic data which are obtained at our honeypots deployed inside and outside of the campus network of Kyoto University, and using various evaluation criteria, i.e., performance evaluation by similarity measurements and the size of training data, overall performance, detection ability for unknown attacks, and time complexity. Our experimental results give some practical and useful guidelines to IDS researchers and operators, so that they can acquire insight to apply these techniques to the area of intrusion detection, and devise more effective intrusion detection models.

Bibliographic record

  • Source
    IEICE Transactions on Information and Systems | 2010, No. 9 | pp. 2544-2554 | 11 pages
  • Author affiliations

    National Institute of Information and Communications Technology, Koganei-shi, 184-8795 Japan;

    Academic Center for Computing and Media Studies, Kyoto University, Kyoto-shi, 606-8501 Japan Information Technology Center, Nagoya University, Nagoya-shi, 464-8601 Japan;

    Academic Center for Computing and Media Studies, Kyoto University, Kyoto-shi, 606-8501 Japan;

    National Institute of Information and Communications Technology, Koganei-shi, 184-8795 Japan;

    National Institute of Information and Communications Technology, Koganei-shi, 184-8795 Japan;

    National Institute of Information and Communications Technology, Koganei-shi, 184-8795 Japan;

  • Indexed in: Science Citation Index (SCI), USA; Engineering Index (EI), USA;
  • Original format: PDF
  • Text language: eng
  • Chinese Library Classification
  • Keywords

    intrusion detection system; unsupervised machine learning techniques; real traffic data; various evaluation criteria;

  • Date added: 2022-08-18 00:27:00
