Horchulhack et al., 2022 - Google Patents

Toward feasible machine learning model updates in network-based intrusion detection

Document ID: 2986751772565798802
Author: Horchulhack P; Viegas E; Santin A
Publication year:
Publication venue: Computer Networks

Snippet

Over the last years, several works have proposed highly accurate machine learning (ML) techniques for network-based intrusion detection systems (NIDS), that are hardly used in production environments. In practice, current intrusion detection schemes cannot easily …
Continue reading at secplab.ppgia.pucpr.br (PDF) (other versions)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06K RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K9/00 Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
    • G06K9/62 Methods or arrangements for recognition using electronic means
    • G06K9/6267 Classification techniques
    • G06K9/6279 Classification techniques relating to the number of classes
    • G06K9/6284 Single class perspective, e.g. one-against-all classification; Novelty detection; Outlier detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06K RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K9/00 Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
    • G06K9/62 Methods or arrangements for recognition using electronic means
    • G06K9/6267 Classification techniques
    • G06K9/6268 Classification techniques relating to the classification paradigm, e.g. parametric or non-parametric approaches
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06N COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N99/00 Subject matter not provided for in other groups of this subclass
    • G06N99/005 Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06K RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K9/00 Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
    • G06K9/62 Methods or arrangements for recognition using electronic means
    • G06K9/6217 Design or setup of recognition systems and techniques; Extraction of features in feature space; Clustering techniques; Blind source separation
    • G06K9/6256 Obtaining sets of training patterns; Bootstrap methods, e.g. bagging, boosting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRICAL DIGITAL DATA PROCESSING
    • G06F17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/30 Information retrieval; Database structures therefor; File system structures therefor
    • G06F17/3061 Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F17/30705 Clustering or classification
    • G06F17/3071 Clustering or classification including class or cluster creation or modification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance or administration or management of packet switching networks
    • H04L41/14 Arrangements for maintenance or administration or management of packet switching networks involving network analysis or design, e.g. simulation, network model or planning

Similar Documents

Publication | Publication Date | Title
Horchulhack et al. | | Toward feasible machine learning model updates in network-based intrusion detection
Sun et al. | | DL‐IDS: Extracting Features Using CNN‐LSTM Hybrid Network for Intrusion Detection System
US11886994B1 (en) | | System and method for anomaly detection in dynamically evolving data using random neural network decomposition
Lerman et al. | | Template attacks versus machine learning revisited and the curse of dimensionality in side-channel analysis: extended version
Mohammadrezaei et al. | | Identifying fake accounts on social networks based on graph analysis and classification algorithms
US9038172B2 (en) | | Robust anomaly detection and regularized domain adaptation of classifiers with application to internet packet-flows
Chapaneri et al. | | A comprehensive survey of machine learning-based network intrusion detection
Viegas et al. | | Machine learning intrusion detection in big data era: A multi-objective approach for longer model lifespans
US20180181749A1 (en) | | Cyber security
US10296832B1 (en) | | System and method for detecting an undesirable event
Boshmaf et al. | | Graph-based sybil detection in social and information systems
Pena et al. | | Anomaly detection using the correlational paraconsistent machine with digital signatures of network segment
CN109951462B (en) | | Application software flow anomaly detection system and method based on holographic modeling
Singh Samom et al. | | Distributed denial of service (DDoS) attacks detection: A machine learning approach
Atli | | Anomaly-based intrusion detection by modeling probability distributions of flow characteristics
Reddy et al. | | Ensemble bagging approach for IoT sensor based anomaly detection
Callegari et al. | | Improving stability of PCA-based network anomaly detection by means of kernel-PCA
Rajak et al. | | FDF-HybridFS: Towards design of a failure detection framework using hybrid feature selection method for IP core networks that connect 5G core in NFV-based test environment
Chu et al. | | A machine learning classification model using random forest for detecting DDoS attacks
Olimpio Jr et al. | | Model update for intrusion detection: Analyzing the performance of delayed labeling and active learning strategies
Geng et al. | | DUdetector: A dual-granularity unsupervised model for network anomaly detection
Bacquet et al. | | A comparison of unsupervised learning techniques for encrypted traffic identification
Singh et al. | | Anomaly detection framework for highly scattered and dynamic data on large-scale networks using AWS
Kishimoto et al. | | Improving performance of anomaly-based ids by combining multiple classifiers
Noferesti et al. | | ACoPE: An adaptive semi-supervised learning approach for complex-policy enforcement in high-bandwidth networks