Authors: C. Callegari, S. Giordano, M. Pagano
DOI: 10.1109/SIBIRCON.2017.8109836 (https://doi.org/10.1109/SIBIRCON.2017.8109836)
Venue: 2017 International Multi-Conference on Engineering, Computer and Information Sciences (SIBIRCON)
Publication date: 2017-09-01
Source: Semantic Scholar record (citation count: 4; not open access)
Anomaly detection: An overview of selected methods
Detecting anomalous traffic (and above all new ad-hoc attacks) with low false alarm rates is of primary interest in IP network management. To this end, anomaly-based IDSs (Intrusion Detection Systems) are a key research topic in network security, thanks to their ability to face unknown attacks. Starting from more than a decade of research experience by the authors, the aim of this paper is to review some of the most promising statistical approaches, namely Wavelets, Principal Component Analysis, CUSUM (cumulative sum control chart) and Information Theoretical methods (based on different definitions of the Entropy). Moreover, issues related to the choice of the relevant traffic parameters, the use of sketches and the availability of datasets for performance comparison are also discussed, to highlight the main problems in intrusion detection.