
A machine learning approach to detecting attacks by identifying anomalies in network traffic.


Abstract

The current approach to detecting novel attacks in network traffic is to model the normal frequency of session IP addresses and server port usage and to signal unusual combinations of these attributes as suspicious. We make four major contributions to the field of network anomaly detection. First, rather than just model user behavior, we also model network protocols from the data link through the application layer in order to detect attacks that exploit vulnerabilities in the implementation of these protocols. Second, we introduce a time-based model suitable for the bursty nature of network traffic: the probability of an event depends on the time since it last occurred rather than just its average frequency. Third, we introduce an algorithm for learning conditional rules from attack-free training data that are sensitive to anomalies. Fourth, we extend the model to cases where attack-free training data is not available. On the 1999 DARPA/Lincoln Laboratory intrusion detection evaluation data set, our best system detects 75% of novel attacks by unauthorized users at 10 false alarms per day after training only on attack-free traffic. However, this result is misleading because the background traffic is simulated and our algorithms are sensitive to artifacts. We compare the background traffic to real traffic collected from a university departmental server and conclude that we could realistically expect to detect 30% of these attacks in this environment, or 47% if we are willing to accept 50 false alarms per day.
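An added illustration of the time-based model the abstract describes (this is not code from the dissertation or from this page): each packet-header field is scored only when it takes a value never seen in attack-free training, and the score grows with the time since that field last produced a novel value, so a burst of one repeated anomaly raises one high score rather than one alarm per packet. The score form t * n / r is the one the author used in his published PHAD/LERAD detectors; the abstract itself does not state it, so treat the formula as an assumption here, and the header fields and timestamps are constructed.

```python
from collections import defaultdict
class TimeBasedFieldModel:
    """Per-field anomaly score = t * n / r (assumed form, see lead-in): n = training
    observations, r = distinct values seen in training, t = seconds since the
    field last produced a novel value."""
    def __init__(self):
        self.seen = defaultdict(set)  # field -> values observed in training
        self.n = defaultdict(int)     # field -> number of training observations
        self.last_novel = {}          # field -> timestamp of last novel value

    def train(self, when, fields):
        for field, value in fields.items():
            self.n[field] += 1
            if value not in self.seen[field]:
                self.seen[field].add(value)
                self.last_novel[field] = when

    def score(self, when, fields):
        # A novel value updates the field's last-novel time but not its value set,
        # so a burst of one anomaly scores high once and low on the repeats.
        total = 0.0
        for field, value in fields.items():
            if field not in self.seen or value in self.seen[field]:
                continue
            t = when - self.last_novel[field]
            total += t * self.n[field] / len(self.seen[field])
            self.last_novel[field] = when
        return total

def detect(train, packets, threshold):
    """Train on attack-free headers, then return (timestamp, score) alerts."""
    model = TimeBasedFieldModel()
    for when, fields in train:
        model.train(when, fields)
    return [(when, s) for when, fields in packets
            if (s := model.score(when, fields)) >= threshold]

# Constructed sample header fields (timestamp in seconds, field -> value).
TRAIN = [(0, {"ttl": 64, "flags": "S", "dport": 80}),
         (10, {"ttl": 64, "flags": "A", "dport": 80}),
         (20, {"ttl": 128, "flags": "S", "dport": 443}),
         (30, {"ttl": 64, "flags": "A", "dport": 80}),
         (40, {"ttl": 64, "flags": "FA", "dport": 22})]
TEST = [(100, {"ttl": 64, "flags": "S", "dport": 80}),    # known values: 0
        (100, {"ttl": 255, "flags": "S", "dport": 80}),   # novel ttl: 80*5/2 = 200
        (101, {"ttl": 255, "flags": "S", "dport": 80}),   # repeat 1 s later: 1*5/2 = 2.5
        (300, {"ttl": 64, "flags": "S", "dport": 31337})] # novel port: 260*5/3

if __name__ == "__main__":
    print(detect(TRAIN, TEST, threshold=100))
```

Lowering the threshold to 1 surfaces the repeated TTL anomaly at 101 s with a score of only 2.5, which is the burst-damping behaviour the abstract attributes to its time-based model.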

Bibliographic record

  • Author

    Mahoney, Matthew Vincent.

  • Author affiliation

    Florida Institute of Technology.

  • Degree-granting institution Florida Institute of Technology.
  • Subject Computer Science.
  • Degree Ph.D.
  • Year 2003
  • Pages 147 p.
  • Total pages 147
  • Original format PDF
  • Language eng
  • CLC classification Automation technology, computer technology
