LADS: A Live Anomaly Detection System based on Machine Learning Methods

机译：小伙子：一种基于机器学习方法的活异常检测系统

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Network anomaly detection using NetFlow has been widely studied during the last decade. NetFlow provides the ability to collect network traffic attributes (e.g., IP source, IP destination, source port, destination port, protocol) and allows the use of association rule mining to extract the flows that have caused a malicious event. Despite of all the developments in network anomaly detection, the most popular procedure to detect nonconformity patterns in network traffic is still manual inspection during the period under analysis (e.g., visual analysis of plots, identification of variations in the number of bytes, packets, flows). This paper presents a Live Anomaly Detection System (LADS) based on One class Support Vector Machine (One-class SVM) to detect traffic anomalies. Experiments have been conducted using a valid data-set containing over 1.4 million packets (captured using NetFlow v5 and v9) that build models with one and several features in order to identify the approach that most accurately detects traffic anomalies in our system. A multi-featured approach that restricts the analysis to one IP address and extends it in terms of samples (valid and invalid ones) is considered as a promising approach in terms of accuracy of the detected malicious instances.

机译：使用NetFlow的网络异常检测已经在过去十年中被广泛研究。 NetFlow提供了收集网络流量属性（例如，IP源，IP目标，源端口，目标端口，协议）的能力，并允许使用关联规则挖掘来提取导致恶意事件的流程。尽管网络异常检测中的所有发展，但在分析期间检测网络流量中的不合格模式的最流行过程仍然是手动检查（例如，图表的视觉分析，识别字节数的变化，数据包，流量的变化）。本文介绍了基于一类支持向量机（单级SVM）的实时异常检测系统（LAD）来检测流量异常。使用有效的数据集进行了实验，其中包含超过140万个数据包（使用Netflow V5和V9捕获），该模型构建了一个和多个功能，以确定最精确地检测我们系统中的流量异常的方法。一种多功能的方法，将分析限制为一个IP地址，并在样本（有效和无效）方面扩展它在检测到的恶意实例的准确性方面被视为有希望的方法。

著录项

来源
《International Joint Conference on e-Business and Telecommunications》|2019年|1(CD-ROM)|共6页
会议地点
作者
Gustavo Gonzalez-Granadillo; Rodrigo Diaz; Iberia Medeiros; Susana Gonzalez-Zarzosa; Dawid Machnicki;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TN91-53;
关键词
Machine learning; One-class SVM; Anomaly detection; Network traffic behavior; NetFlow;

机译：机器学习;单级SVM;异常检测;网络流量行为;netflow.;

相似文献

外文文献
中文文献
专利

1. Comparison and Adaptation of Two Strategies for Anomaly Detection in Load Profiles Based on Methods from the Fields of Machine Learning and Statistics [J] . Patrick Krawiec, Mark Junge, Jens Hesselbach Open Journal of Energy Efficiency . 2021,第2期

机译：基于机器学习和统计领域的载荷配置中的两种策略对大异常检测的比较与适应
2. Comparison and Adaptation of Two Strategies for Anomaly Detection in Load Profiles Based on Methods from the Fields of Machine Learning and Statistics [J] . Patrick Krawiec, Mark Junge, Jens Hesselbach 能源效率（英文） . 2021,第002期

机译：Comparison and Adaptation of Two Strategies for Anomaly Detection in Load Profiles Based on Methods from the Fields of Machine Learning and Statistics
3. A Brief Study on Different Intrusions and Machine Learning-based Anomaly Detection Methods in Wireless Sensor Networks [J] . J. Saranya, Dr.G.Padmavathi International Journal of Advanced Networking and Applications . 2015,第7016期

机译：无线传感器网络中不同入侵和基于机器学习的异常检测方法的简要研究
4. LADS: A Live Anomaly Detection System based on Machine Learning Methods [C] . Gustavo Gonzalez-Granadillo, Rodrigo Diaz, Iberia Medeiros, International Joint Conference on e-Business and Telecommunications . 2019

机译：小伙子：一种基于机器学习方法的活异常检测系统
5. Machine Learning for Host-based Misuse and Anomaly Detection in UNIX Environment [D] . Aghaei, Ehsan. 2017

机译：基于主机的滥用和异常检测机器学习UNIX环境
6. A Machine Learning-Based Method for Automated Blockchain Transaction Signing Including Personalized Anomaly Detection [O] . Blaž Podgorelec, Muhamed Turkanović, Sašo Karakatič 2020

机译：包含个性化异常检测的基于机器学习的自动区块链交易签名方法
7. Search-based test and improvement of machine-learning-based anomaly detection systems [O] . Maxime Cordy, Steve Muller, Mike Papadakis, 2019

机译：基于机器学习的异常检测系统的搜索测试和改进
8. Methods to Address Extreme Class Imbalance in Machine Learning Based Network Intrusion Detection Systems. [R] . Walter, R. W. 2016

机译：解决基于机器学习的网络入侵检测系统中极端类不平衡的方法。

LADS: A Live Anomaly Detection System based on Machine Learning Methods

摘要

著录项

相似文献

相关主题

期刊订阅