{"title":"Network-traffic anomaly detection with incremental majority learning","authors":"Shin-Ying Huang, Fang Yu, R. Tsaih, Yennun Huang","doi":"10.1109/IJCNN.2015.7280573","DOIUrl":null,"url":null,"abstract":"Detecting anomaly behavior in large network traffic data has presented a great challenge in designing effective intrusion detection systems. We propose an adaptive model to learn majority patterns under a dynamic changing environment. We first propose unsupervised learning on data abstraction to extract essential features of samples. We then adopt incremental majority learning with iterative evolutions on fitting envelopes to characterize the majority of samples within moving windows. A network traffic sample is considered an anomaly if its abstract feature falls on the outside of the fitting envelope. We justify the effectiveness of the presented approach against 150000+ traffic samples from the NSL-KDD dataset in training and testing, demonstrating positive promise in detecting network attacks by identifying samples that have abnormal features.","PeriodicalId":6539,"journal":{"name":"2015 International Joint Conference on Neural Networks (IJCNN)","volume":"26 1","pages":"1-8"},"PeriodicalIF":0.0000,"publicationDate":"2015-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 International Joint Conference on Neural Networks (IJCNN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IJCNN.2015.7280573","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Network-traffic anomaly detection with incremental majority learning
Detecting anomaly behavior in large network traffic data has presented a great challenge in designing effective intrusion detection systems. We propose an adaptive model to learn majority patterns under a dynamic changing environment. We first propose unsupervised learning on data abstraction to extract essential features of samples. We then adopt incremental majority learning with iterative evolutions on fitting envelopes to characterize the majority of samples within moving windows. A network traffic sample is considered an anomaly if its abstract feature falls on the outside of the fitting envelope. We justify the effectiveness of the presented approach against 150000+ traffic samples from the NSL-KDD dataset in training and testing, demonstrating positive promise in detecting network attacks by identifying samples that have abnormal features.