Anomaly detection using prior knowledge: Application to TCP/IP traffic

Alberto Carrascal, Jorge Couchet, Enrique Ferreira, Daniel Manrique

Research output: Chapter in book/report/conference proceeding, chapter, peer-reviewed

5 citations (Scopus)

Abstract

This article introduces an approach to anomaly intrusion detection based on a combination of supervised and unsupervised machine learning algorithms. The main objective of this work is to model an organization's TCP/IP network traffic effectively enough that anomalies can be detected with a false positive rate that is acceptable for a production environment. The proposed architecture uses a hierarchy of Self-Organizing Maps for traffic modeling, combined with Learning Vector Quantization techniques to ultimately classify network packets. The architecture is built on the well-known SNORT intrusion detection system, which is used to preprocess network traffic. In comparison to other techniques, the results obtained in this work show that an acceptable trade-off between attack detection and false positive rates can be achieved.

Original language: English
Title of host publication: Artificial Intelligence in Theory and Practice
Subtitle of host publication: IFIP 19th World Computer Congress, TC 12: IFIP AI 2006 Stream, August 21-24, 2006, Santiago, Chile
Editors: Max Bramer
Pages: 139-148
Number of pages: 10
DOI
State: Published - 2006

Publication series

Name: IFIP International Federation for Information Processing
Volume: 217
ISSN (print): 1571-5736
