As network environments grow dramatically, network-based applications and services become more important. Many researchers have developed systematic approaches to analyzing different network traffic sources. However, the data sources used in these approaches are flat and do not use a concept hierarchy over the data dimensions. In this paper, we propose a Network Intrusion Monitoring System (NIMS) architecture that analyzes network traffic data based on a concept hierarchy with different concept levels for each dimension. In addition, to reduce the effort administrators spend analyzing network behaviors, the expertise for analyzing network behaviors needs to be acquired first. Therefore, a Knowledge Acquisition of Behavior Model Construction (KABMC) schema, which consists of Acquisition Flow Transformation (AFT) and Behavior Model Acquisition (BMA) processes, is first proposed. The AFT is used to generate a basic knowledge model for acquiring knowledge and reducing the effort of experts during the knowledge acquisition process. The BMA is used to acquire knowledge of network behaviors from experts. The acquired knowledge of network behavior models is used to enhance the NIMS to reduce the analysis effort of administrators.