Horchulhack et al., 2022 - Google Patents
Toward feasible machine learning model updates in network-based intrusion detection
- Document ID: 2986751772565798802
- Authors: Horchulhack P, Viegas E, Santin A
- Publication year: 2022
- Publication venue: Computer Networks
Snippet
Over the last years, several works have proposed highly accurate machine learning (ML) techniques for network-based intrusion detection systems (NIDS) that are hardly used in production environments. In practice, current intrusion detection schemes cannot easily …
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING; COUNTING
    - G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
      - G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
        - G06K9/62—Methods or arrangements for recognition using electronic means
          - G06K9/6267—Classification techniques
            - G06K9/6279—Classification techniques relating to the number of classes
              - G06K9/6284—Single class perspective, e.g. one-against-all classification; Novelty detection; Outlier detection
            - G06K9/6268—Classification techniques relating to the classification paradigm, e.g. parametric or non-parametric approaches
          - G06K9/6217—Design or setup of recognition systems and techniques; Extraction of features in feature space; Clustering techniques; Blind source separation
            - G06K9/6256—Obtaining sets of training patterns; Bootstrap methods, e.g. bagging, boosting
    - G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
      - G06N99/00—Subject matter not provided for in other groups of this subclass
        - G06N99/005—Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run
    - G06F—ELECTRICAL DIGITAL DATA PROCESSING
      - G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
        - G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
          - G06F17/3061—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
            - G06F17/30705—Clustering or classification
              - G06F17/3071—Clustering or classification including class or cluster creation or modification
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1425—Traffic logging, e.g. anomaly detection
            - H04L63/1416—Event detection, e.g. attack signature detection
          - H04L63/1433—Vulnerability analysis
          - H04L63/1441—Countermeasures against malicious traffic
        - H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
      - H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
        - H04L41/14—Arrangements for maintenance or administration or management of packet switching networks involving network analysis or design, e.g. simulation, network model or planning
Similar Documents
Publication | Title
---|---
Horchulhack et al. | Toward feasible machine learning model updates in network-based intrusion detection
Sun et al. | DL-IDS: Extracting Features Using CNN-LSTM Hybrid Network for Intrusion Detection System
US11886994B1 (en) | System and method for anomaly detection in dynamically evolving data using random neural network decomposition
Lerman et al. | Template attacks versus machine learning revisited and the curse of dimensionality in side-channel analysis: extended version
Mohammadrezaei et al. | Identifying fake accounts on social networks based on graph analysis and classification algorithms
US9038172B2 (en) | Robust anomaly detection and regularized domain adaptation of classifiers with application to internet packet-flows
Chapaneri et al. | A comprehensive survey of machine learning-based network intrusion detection
Viegas et al. | Machine learning intrusion detection in big data era: A multi-objective approach for longer model lifespans
US20180181749A1 (en) | Cyber security
US10296832B1 (en) | System and method for detecting an undesirable event
Boshmaf et al. | Graph-based sybil detection in social and information systems
Pena et al. | Anomaly detection using the correlational paraconsistent machine with digital signatures of network segment
CN109951462B (en) | Application software flow anomaly detection system and method based on holographic modeling
Singh Samom et al. | Distributed denial of service (DDoS) attacks detection: A machine learning approach
Atli | Anomaly-based intrusion detection by modeling probability distributions of flow characteristics
Reddy et al. | Ensemble bagging approach for IoT sensor based anomaly detection
Callegari et al. | Improving stability of PCA-based network anomaly detection by means of kernel-PCA
Rajak et al. | FDF-HybridFS: Towards design of a failure detection framework using hybrid feature selection method for IP core networks that connect 5G core in NFV-based test environment
Chu et al. | A machine learning classification model using random forest for detecting DDoS attacks
Olimpio Jr et al. | Model update for intrusion detection: Analyzing the performance of delayed labeling and active learning strategies
Geng et al. | DUdetector: A dual-granularity unsupervised model for network anomaly detection
Bacquet et al. | A comparison of unsupervised learning techniques for encrypted traffic identification
Singh et al. | Anomaly detection framework for highly scattered and dynamic data on large-scale networks using AWS
Kishimoto et al. | Improving performance of anomaly-based IDS by combining multiple classifiers
Noferesti et al. | ACoPE: An adaptive semi-supervised learning approach for complex-policy enforcement in high-bandwidth networks