Novel applications of Machine Learning to Network Traffic Analysis


Text from PDF Page: 027

• Probe: These attacks scan the network/hosts to gather useful information about the hosts with the intention of launching attacks (e.g. portsweep, ipsweep, queso, satan, msscan, ntinfoscan, lsdomain, illegal-sniffer)
• R2L: In this type of attack, a user without an account in the system obtains local access (e.g. dict, netcat, sendmail, imap, ncftp, xlock, xsnoop, sshtrojan, framespoof, ppmacro, guest, netbus, snmpget, ftpwrite, httptunnel, phf, named)
• U2R: In this type of attack, a user who has the privileges of a normal local account tries to obtain superuser privileges (e.g. sechole, xterm, eject, ps, nukepw, secret, perl, yaga, fdformat, ffbconfig, casesen, ntfsdos, ppmacro, loadmodule, sqlattack)

It is also important to mention the fundamental role played by security logs, which are critical at all security management levels. Security logs are the main entry point of information for security threats, having their own ecosystem of functions [58]: acquisition, filtering, normalization, collection management, storage, analysis and long-term storage. IDSs are an important producer of security logs; IDSs can report intrusions in real time or off-line by means of security logs. Likewise, IDSs are consumers of security logs. Anomaly-based IDSs use security logs to train the classification algorithms and may need security logs as contextual information while they are in operation.

Intrusion detection based on machine learning can be supported by supervised or unsupervised methods. Supervised methods employ the usual models: MLP, SVM, Logistic Regression... [48]. Unsupervised methods can be set up in different ways [59], adopting different approaches: probabilistic methods, clustering methods or deviation methods. In probabilistic methods, we characterize the probability distribution of normal data and define as an anomaly any data with a given probability lower than a threshold. In clustering methods, we cluster the data and categorize as an anomaly any data too far away from the desired normal data cluster. In deviation methods, we define a generative model able to reconstruct the normal data; in this setting, we consider as an anomaly any data that is reconstructed with an error higher than a threshold.

In [3] we present an anomaly-based supervised machine learning method (based on a C-VAE). We will use a deviation-based approach, but instead of designating a threshold to define an intrusion, we will use a discriminative framework that will allow us to classify a specific traffic sample with the intrusion label that achieves the lowest reconstruction error.

With regard to anomaly-based NIDS, there are several publicly available datasets containing network traffic with different types of anomalies (KDD99, NSL-KDD, UGR16, CAIDA, AWID, ADFA...). It is very difficult to compare the results obtained by different works on intrusion detection, since the datasets are usually different and, even when they are similar, the test sets used to present the results are usually different from the one proposed by the creators of the datasets.

There is no report, as far as we know, on the use of a C-VAE for classification in the field of network intrusion detection. There are works that present results applying other deep learning models in this field. In [60] a neural network is used in a simulated IoT network. The work in [61] presents a classifier which detects intrusions in an in-vehicle Controller Area Network (CAN), using a deep neural network pre-trained with a Deep Belief Network (DBN). The

Doctoral Thesis: Novel applications of Machine Learning to NTAP - 25
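The following is an added example, not code from the thesis: it contrasts the threshold-based deviation detector with the classification by lowest reconstruction error per label described above. A one-component PCA reconstructor stands in for the C-VAE as a simplifying assumption, and the feature names, function names and sample flows are constructed for illustration.

```python
import random

def fit(rows, iters=30):
    """Linear reconstructor: mean + first principal direction (power iteration)."""
    d = len(rows[0])
    mean = [sum(r[j] for r in rows) / len(rows) for j in range(d)]
    cen = [[r[j] - mean[j] for j in range(d)] for r in rows]
    v = [1.0] * d
    for _ in range(iters):  # v <- normalise(X^T X v) on the centered rows
        proj = [sum(c[j] * v[j] for j in range(d)) for c in cen]
        w = [sum(p * c[j] for p, c in zip(proj, cen)) for j in range(d)]
        norm = sum(x * x for x in w) ** 0.5
        v = [x / norm for x in w]
    return mean, v

def recon_error(model, x):
    """Squared error left after projecting x onto the model's 1-D subspace."""
    mean, v = model
    c = [a - m for a, m in zip(x, mean)]
    t = sum(a * b for a, b in zip(c, v))
    return sum((a - t * b) ** 2 for a, b in zip(c, v))

def is_anomaly(normal_model, threshold, x):
    """Deviation method: model of normal data only, error above threshold."""
    return recon_error(normal_model, x) > threshold

def classify(models, x):
    """Discriminative variant: the label whose model reconstructs x best."""
    return min(models, key=lambda label: recon_error(models[label], x))

# Constructed, pre-scaled features: [distinct_ports, failed_logins, kbytes_per_conn]
rng = random.Random(7)

def sample(center, direction, n=40):
    out = []
    for _ in range(n):
        s = rng.uniform(-1, 1)
        out.append([c + s * d + rng.gauss(0, 0.05) for c, d in zip(center, direction)])
    return out

TRAIN = {"normal": sample([1, 0.5, 5], [0.2, 0, 1]),   # constructed traffic
         "probe": sample([20, 0.5, 0.5], [1, 0, 0]),   # portsweep-like
         "r2l": sample([1, 30, 0.5], [0, 1, 0])}       # dict-like
MODELS = {label: fit(rows) for label, rows in TRAIN.items()}
THRESHOLD = max(recon_error(MODELS["normal"], r) for r in TRAIN["normal"])

if __name__ == "__main__":
    for x in ([1.1, 0.5, 5.5], [21.0, 0.5, 0.5], [1.0, 31.0, 0.5]):
        print(x, is_anomaly(MODELS["normal"], THRESHOLD, x), classify(MODELS, x))
```

The threshold detector only separates normal from not-normal, while the per-label comparison also names the intrusion class, at the cost of needing labelled training traffic for every class.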
