Secil Senel-Kleine, Johannes Bouché, Martin Kappes
{"title":"机器学习技术在协同异常检测中的应用","authors":"Secil Senel-Kleine, Johannes Bouché, Martin Kappes","doi":"10.1109/ITECHA.2015.7317397","DOIUrl":null,"url":null,"abstract":"Due to the increase in network attacks, anomaly detection has gained importance. In this paper, we present and investigate the idea of institutions cooperating for performing anomaly detection, i.e. institutions jointly analyzing their network traffic, in order to identify malicious attacks, using classification-based machine learning techniques. We compare the results of such a collaborative analysis with a single analysis. Moreover, as institutions might not be willing to share confidential data, we analyze the benefits of a collaborative approach if some parts of the traffic are being anonymized. While, intuitively, having more data at hand should lead to improved detection rates, our results indicate that a federated analysis using standard classification-based methods improves detection rates only slightly. Moreover, when using anonymized data, the obtained detection rates of a joint data analysis further deteriorate such that the analysis of individual traffic is more useful. Thus, our research indicates that the classical classification based machine learning approaches for anomaly detection must be adapted and improved in order to leverage the advantage of having data from various sources.","PeriodicalId":161782,"journal":{"name":"2015 Internet Technologies and Applications (ITA)","volume":"208 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"On the usefulness of machine learning techniques in collaborative anomaly detection\",\"authors\":\"Secil Senel-Kleine, Johannes Bouché, Martin Kappes\",\"doi\":\"10.1109/ITECHA.2015.7317397\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Due to the increase in network attacks, anomaly detection has gained importance. In this paper, we present and investigate the idea of institutions cooperating for performing anomaly detection, i.e. institutions jointly analyzing their network traffic, in order to identify malicious attacks, using classification-based machine learning techniques. We compare the results of such a collaborative analysis with a single analysis. Moreover, as institutions might not be willing to share confidential data, we analyze the benefits of a collaborative approach if some parts of the traffic are being anonymized. While, intuitively, having more data at hand should lead to improved detection rates, our results indicate that a federated analysis using standard classification-based methods improves detection rates only slightly. Moreover, when using anonymized data, the obtained detection rates of a joint data analysis further deteriorate such that the analysis of individual traffic is more useful. Thus, our research indicates that the classical classification based machine learning approaches for anomaly detection must be adapted and improved in order to leverage the advantage of having data from various sources.\",\"PeriodicalId\":161782,\"journal\":{\"name\":\"2015 Internet Technologies and Applications (ITA)\",\"volume\":\"208 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 Internet Technologies and Applications (ITA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ITECHA.2015.7317397\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 Internet Technologies and Applications (ITA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ITECHA.2015.7317397","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
On the usefulness of machine learning techniques in collaborative anomaly detection
Due to the increase in network attacks, anomaly detection has gained importance. In this paper, we present and investigate the idea of institutions cooperating for performing anomaly detection, i.e. institutions jointly analyzing their network traffic, in order to identify malicious attacks, using classification-based machine learning techniques. We compare the results of such a collaborative analysis with a single analysis. Moreover, as institutions might not be willing to share confidential data, we analyze the benefits of a collaborative approach if some parts of the traffic are being anonymized. While, intuitively, having more data at hand should lead to improved detection rates, our results indicate that a federated analysis using standard classification-based methods improves detection rates only slightly. Moreover, when using anonymized data, the obtained detection rates of a joint data analysis further deteriorate such that the analysis of individual traffic is more useful. Thus, our research indicates that the classical classification based machine learning approaches for anomaly detection must be adapted and improved in order to leverage the advantage of having data from various sources.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
