Log analysis-based intrusion detection via unsupervised learning
Ma, 2003 - Google Patents
- Document ID: 6888010443982153578
- Author: Ma P
- Publication year: 2003
- Publication venue: Master of Science, School of Informatics, University of Edinburgh
Snippet
Keeping networks secure has never been such an imperative task as today. Threats come from hardware failures, software flaws, tentative probing and malicious attacks. Analyzing network logs to detect suspicious activities is one form of defense. However, the sheer size …
Concepts
| Concept | ID | Sections | Count |
|---|---|---|---|
| detection method | 238000001514 | title, abstract, description | 87 |
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
      - G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
        - G06K9/62—Methods or arrangements for recognition using electronic means
          - G06K9/6267—Classification techniques
            - G06K9/6279—Classification techniques relating to the number of classes
            - G06K9/6268—Classification techniques relating to the classification paradigm, e.g. parametric or non-parametric approaches
          - G06K9/6217—Design or setup of recognition systems and techniques; Extraction of features in feature space; Clustering techniques; Blind source separation
            - G06K9/6228—Selecting the most significant subset of features
            - G06K9/6232—Extracting features by transforming the feature space, e.g. multidimensional scaling; Mappings, e.g. subspace methods
              - G06K9/6251—Extracting features by transforming the feature space, e.g. multidimensional scaling; Mappings, e.g. subspace methods based on a criterion of topology preservation, e.g. multidimensional scaling, self-organising maps
              - G06K9/6247—Extracting features by transforming the feature space, e.g. multidimensional scaling; Mappings, e.g. subspace methods based on an approximation criterion, e.g. principal component analysis
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/562—Static detection
                - G06F21/563—Static detection by source code analysis
      - G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
        - G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
          - G06F17/3061—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
            - G06F17/30705—Clustering or classification
              - G06F17/3071—Clustering or classification including class or cluster creation or modification
    - G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
      - G06N99/00—Subject matter not provided for in other groups of this subclass
        - G06N99/005—Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run
      - G06N3/00—Computer systems based on biological models
      - G06N5/00—Computer systems utilising knowledge based models
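The approach named in the title and reflected in the clustering and feature-extraction classifications above (unsupervised learning over logs, with no labelled attacks), shown as an added, self-contained illustration. This is not code from the thesis and does not reproduce its method: it extracts per-source features from constructed sshd log lines, clusters them with a deterministic k-means, and reports the hosts that fall into a rare cluster. The log lines, IP addresses, account names, the three features, the cluster count and the rare-cluster threshold are all assumptions made for the example.

```python
import math
import re
from collections import defaultdict

# Constructed sample sshd lines (assumption: not taken from the thesis). Three
# internal hosts log in normally; one external host sprays passwords at accounts.
SAMPLE_AUTH_LOG = """\
Jan 10 10:00:01 bastion sshd[2101]: Accepted password for alice from 10.0.0.5 port 51000 ssh2
Jan 10 10:00:09 bastion sshd[2102]: Failed password for bob from 10.0.0.6 port 51001 ssh2
Jan 10 10:00:14 bastion sshd[2102]: Accepted password for bob from 10.0.0.6 port 51001 ssh2
Jan 10 10:01:30 bastion sshd[2110]: Accepted password for carol from 10.0.0.7 port 51002 ssh2
Jan 10 10:02:00 bastion sshd[2120]: Failed password for root from 203.0.113.9 port 40000 ssh2
Jan 10 10:02:01 bastion sshd[2121]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
Jan 10 10:02:02 bastion sshd[2122]: Failed password for invalid user test from 203.0.113.9 port 40002 ssh2
Jan 10 10:02:03 bastion sshd[2123]: Failed password for invalid user oracle from 203.0.113.9 port 40003 ssh2
Jan 10 10:02:05 bastion sshd[2125]: Failed password for root from 203.0.113.9 port 40005 ssh2
Jan 10 10:02:06 bastion sshd[2126]: Failed password for invalid user admin from 203.0.113.9 port 40006 ssh2
Jan 10 10:03:00 bastion sshd[2130]: Accepted password for alice from 10.0.0.5 port 51003 ssh2
"""

LINE_RE = re.compile(
    r"(?P<outcome>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def extract_features(log_text):
    """Per source IP: (failed logins, accepted logins, distinct usernames tried).

    Keys are sorted so every later step is deterministic."""
    failed, accepted, users = defaultdict(int), defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # lines without a login outcome carry no signal for this model
        src = m.group("src")
        users[src].add(m.group("user"))
        if m.group("outcome") == "Failed":
            failed[src] += 1
        else:
            accepted[src] += 1
    return {src: (float(failed[src]), float(accepted[src]), float(len(users[src])))
            for src in sorted(users)}

def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def _mean(points):
    return tuple(sum(p[i] for p in points) / len(points) for i in range(len(points[0])))

def kmeans(points, k, max_iter=100):
    """Lloyd's k-means with deterministic seeding: the first two centroids are
    the farthest-apart pair, each further seed is the point farthest from its
    nearest centroid. Returns one cluster label per input point."""
    if not 1 <= k <= len(points):
        raise ValueError("k must be between 1 and the number of points")
    if k == 1:
        return [0] * len(points)
    pairs = ((_dist(points[i], points[j]), i, j)
             for i in range(len(points)) for j in range(i + 1, len(points)))
    _, i, j = max(pairs)
    centroids = [points[i], points[j]]
    while len(centroids) < k:
        far = max(range(len(points)),
                  key=lambda n: min(_dist(points[n], c) for c in centroids))
        centroids.append(points[far])
    labels = None
    for _ in range(max_iter):
        new_labels = [min(range(k), key=lambda c: _dist(p, centroids[c])) for p in points]
        if new_labels == labels:
            break  # assignments stable: converged
        labels = new_labels
        for c in range(k):
            members = [p for p, lab in zip(points, labels) if lab == c]
            if members:  # an emptied cluster keeps its old centroid
                centroids[c] = _mean(members)
    return labels

def rare_cluster_sources(log_text, k=2, rare_fraction=0.3):
    """Unsupervised detection rule: no labelled attacks are used, only the
    assumption that hostile behaviour is rare. Hosts whose cluster holds fewer
    than rare_fraction of all hosts are reported, sorted by IP."""
    feats = extract_features(log_text)
    ips = list(feats)
    if len(ips) < k:
        return []
    labels = kmeans([feats[ip] for ip in ips], k)
    sizes = defaultdict(int)
    for lab in labels:
        sizes[lab] += 1
    cutoff = rare_fraction * len(ips)
    return sorted(ip for ip, lab in zip(ips, labels) if sizes[lab] < cutoff)

if __name__ == "__main__":
    for ip, vec in extract_features(SAMPLE_AUTH_LOG).items():
        print(ip, vec)
    print("suspicious:", rare_cluster_sources(SAMPLE_AUTH_LOG))
```

On the sample, the three internal hosts form one cluster and 203.0.113.9 (six failures across four account names, no success) forms a cluster of its own, so it is the only host reported. Two caveats a practitioner should keep in mind: the raw counts here happen to be on comparable scales, whereas real feature sets need scaling and some feature selection or projection (the PCA and feature-subset classifications above point at exactly that) before Euclidean distances mean anything; and the rare-cluster rule breaks down when attack traffic is not rare, for example a flood that dominates the log, or when a benign but unusual host (a backup server, a scanner run by the security team) lands in a small cluster and becomes a false positive.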
Similar Documents
| Publication | Title |
|---|---|
| Aamir et al. | Clustering based semi-supervised machine learning for DDoS attack classification |
| Ravipati et al. | Intrusion detection system classification using different machine learning algorithms on KDD-99 and NSL-KDD datasets-a review paper |
| Benaddi et al. | Improving the intrusion detection system for NSL-KDD dataset based on PCA-fuzzy clustering-KNN |
| Gogoi et al. | A survey of outlier detection methods in network anomaly identification |
| Bouzida et al. | Efficient intrusion detection using principal component analysis |
| Brugger | Data mining methods for network intrusion detection |
| Adebowale et al. | Comparative study of selected data mining algorithms used for intrusion detection |
| US20160191561A1 (en) | Methods of unsupervised anomaly detection using a geometric framework |
| Rahman et al. | Adaptive intrusion detection based on boosting and naïve Bayesian classifier |
| Stokes et al. | Aladin: Active learning of anomalies to detect intrusions |
| Alagrash et al. | Comparing the area of data mining algorithms in network intrusion detection |
| Neethu | Adaptive intrusion detection using machine learning |
| Ma | Log analysis-based intrusion detection via unsupervised learning |
| Atli | Anomaly-based intrusion detection by modeling probability distributions of flow characteristics |
| Stopel et al. | Application of artificial neural networks techniques to computer worm detection |
| Cuzzocrea et al. | Applying machine learning techniques to detect and analyze web phishing attacks |
| Al-mamory et al. | Evaluation of different data mining algorithms with KDD Cup 99 data set |
| Chimphlee et al. | Unsupervised clustering methods for identifying rare events in anomaly detection |
| Ourston et al. | Coordinated internet attacks: responding to attack complexity |
| Taylor et al. | A smart system for detecting behavioural botnet attacks using random forest classifier with principal component analysis |
| Sureshkumar et al. | Adaptive Butterfly Optimization Algorithm (ABOA) Based Feature Selection and Deep Neural Network (DNN) for Detection of Distributed Denial-of-Service (DDoS) Attacks in Cloud |
| Gu | Theoretical and empirical extensions of the dendritic cell algorithm |
| Nachan et al. | Intrusion Detection System: A Survey |
| Abinesh et al. | Deep graph convolution neural network based intrusion detection system towards early detection of malicious attacks |
| Farid et al. | Attribute weighting with adaptive NBTree for reducing false positives in intrusion detection |