A Peer-to-Peer Architecture for Detecting Attacks from Network Traffic and Log Data

Francesco Folino, G. Folino, L. Pontieri, Pietro Sabatino

2017 International Conference on High Performance Computing & Simulation (HPCS), July 2017. DOI: 10.1109/HPCS.2017.116 (https://doi.org/10.1109/HPCS.2017.116)

Abstract
Intrusion detection systems (IDS) support the recognition of attacks based on the analysis of either network traffic data (network-based IDS) or application/system logs stored on a host (host-based IDS). Exploiting heterogeneous data coming from both kinds of sources could be useful for detecting coordinated attacks and for reducing the number of false alarms, but it poses challenges in terms of both information integration and scalability. In order to foster the development of such a hybrid IDS, we propose a p2p intrusion detection architecture that combines different data manipulation/mining techniques with a collaborative ensemble-based learning approach, and that allows attacks to be classified incrementally by integrating information extracted from both network traffic data and host logs. Preliminary experiments, conducted on a real-life dataset, show that the approach is promising.