On the usefulness of machine learning techniques in collaborative anomaly detection

2015 Internet Technologies and Applications (ITA) Pub Date : 2015-09-01 DOI:10.1109/ITECHA.2015.7317397

Secil Senel-Kleine, Johannes Bouché, Martin Kappes

{"title":"On the usefulness of machine learning techniques in collaborative anomaly detection","authors":"Secil Senel-Kleine, Johannes Bouché, Martin Kappes","doi":"10.1109/ITECHA.2015.7317397","DOIUrl":null,"url":null,"abstract":"Due to the increase in network attacks, anomaly detection has gained importance. In this paper, we present and investigate the idea of institutions cooperating for performing anomaly detection, i.e. institutions jointly analyzing their network traffic, in order to identify malicious attacks, using classification-based machine learning techniques. We compare the results of such a collaborative analysis with a single analysis. Moreover, as institutions might not be willing to share confidential data, we analyze the benefits of a collaborative approach if some parts of the traffic are being anonymized. While, intuitively, having more data at hand should lead to improved detection rates, our results indicate that a federated analysis using standard classification-based methods improves detection rates only slightly. Moreover, when using anonymized data, the obtained detection rates of a joint data analysis further deteriorate such that the analysis of individual traffic is more useful. Thus, our research indicates that the classical classification based machine learning approaches for anomaly detection must be adapted and improved in order to leverage the advantage of having data from various sources.","PeriodicalId":161782,"journal":{"name":"2015 Internet Technologies and Applications (ITA)","volume":"208 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 Internet Technologies and Applications (ITA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ITECHA.2015.7317397","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Due to the increase in network attacks, anomaly detection has gained importance. In this paper, we present and investigate the idea of institutions cooperating for performing anomaly detection, i.e. institutions jointly analyzing their network traffic, in order to identify malicious attacks, using classification-based machine learning techniques. We compare the results of such a collaborative analysis with a single analysis. Moreover, as institutions might not be willing to share confidential data, we analyze the benefits of a collaborative approach if some parts of the traffic are being anonymized. While, intuitively, having more data at hand should lead to improved detection rates, our results indicate that a federated analysis using standard classification-based methods improves detection rates only slightly. Moreover, when using anonymized data, the obtained detection rates of a joint data analysis further deteriorate such that the analysis of individual traffic is more useful. Thus, our research indicates that the classical classification based machine learning approaches for anomaly detection must be adapted and improved in order to leverage the advantage of having data from various sources.

查看原文本刊更多论文

机器学习技术在协同异常检测中的应用

随着网络攻击的增多，异常检测变得越来越重要。在本文中，我们提出并研究了机构合作执行异常检测的想法，即机构共同分析其网络流量，以便使用基于分类的机器学习技术识别恶意攻击。我们将这种协作分析的结果与单一分析的结果进行比较。此外，由于机构可能不愿意分享机密数据，我们分析了如果部分流量被匿名化，协作方法的好处。虽然直观地说，手头有更多的数据应该会提高检测率，但我们的结果表明，使用基于标准分类的方法进行联邦分析只能略微提高检测率。此外，当使用匿名数据时，联合数据分析的检测率会进一步降低，从而使对单个流量的分析更有用。因此，我们的研究表明，必须调整和改进用于异常检测的经典基于分类的机器学习方法，以利用来自各种来源的数据的优势。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 Internet Technologies and Applications (ITA)

自引率

0.00%

发文量