Network Anomaly Detection Against Frequent Episodes of Internet Connections
Authors
Abstract: New datamining techniques are developed for generating frequent episode rules of traffic events. These episode rules are used to distinguish anomalous sequences of TCP, UDP, or ICMP connections from normal traffic episodes. Fundamental rule pruning techniques are introduced to reduce the search space by 40-70%. Our approach accelerates the entire process of machine learning and profile matching. The new detection scheme was tested over real-life Internet trace data at USC mixed up with 10 days of MIT/LL intrusive attack data set.
Similar resources
Anomaly Intrusion Detection by Internet Datamining of Traffic Episodes*
We present a new datamining approach to generating frequent episode rules for building anomaly-based, intrusion detection systems. The episode rules are generated to detect anomalous sequences of TCP, UDP, or ICMP connections, which deviate from normal traffic episodes. Rule pruning techniques are introduced to reduce the search space by 40-70%. The new method demonstrates its effectiveness in ...
Frequent Episode Rules for Intrusive Anomaly Detection with Internet Datamining*
We present a new datamining scheme for building anomaly-based intrusion detection systems (IDS) in a network environment. Frequent episode rules are generated for anomaly detection. Several rule-pruning laws are introduced to reduce the search space by up to 80% in anomaly detection. The new method demonstrates its effectiveness in detecting unknown network attacks embedded in traffic connection...
A Survey of Anomaly Detection Approaches in Internet of Things
Internet of Things is an ever-growing network of heterogeneous and constrained nodes which are connected to each other and the Internet. Security plays an important role in such networks. Experience has proved that encryption and authentication are not enough for the security of networks and an Intrusion Detection System is required to detect and to prevent attacks from malicious nodes. In this ...
Adaptive Datamining of Internet Traffic Episodes for Anomaly Detection*
A new Internet traffic datamining technique is presented for generating frequent episode rules (FER). Adaptive base-support threshold is applied to different axis attributes in these rules. We use the rules to build anomaly-based, network intrusion detection systems (NIDS). The episode rules detect anomalous sequences of TCP, UDP, or ICMP connections. Three new pruning techniques are devised to...
Anomaly-based Web Attack Detection: The Application of Deep Neural Network Seq2Seq With Attention Mechanism
Today, the use of the Internet and Internet sites has been an integrated part of the people’s lives, and most activities and important data are in the Internet websites. Thus, attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) of web attacks are an approach to protect users. But, these systems are suffering from such drawbacks as low accuracy in ...