With the rapid growth and increasing complexity of network infrastructures and the evolution of attacks, identifying and preventing network abuse is becoming increasingly strategic to ensuring an adequate degree of protection from both external and internal threats. In this scenario, many techniques are emerging for inspecting network traffic and discriminating between anomalous and normal behaviors in order to detect undesired or suspicious activities. Unfortunately, the concept of normal or abnormal network behavior depends on several factors, and recognizing it requires a model that characterizes current behavior based on a statistical idealization of past events. There are two main challenges in generating the training data needed for effective modeling. First, network traffic is very complex and unpredictable; second, the model is subject to change over time, since anomalies are continuously evolving. As attack techniques and patterns change, previously gained information about how to tell them apart from normal traffic may no longer be valid. Thus, a desirable characteristic of an effective model for network anomaly detection is its ability to adapt to change and to generalize its behavior to multiple different network environments. In other words, a self-learning system is needed. This suggests adopting machine learning techniques to implement semi-supervised anomaly detection systems in which the classifier is trained with "normal" traffic data only, so that knowledge about anomalous behaviors can be constructed and evolve dynamically. For this purpose we explored the effectiveness of a detection approach based on machine learning, using the Discriminative Restricted Boltzmann Machine to combine the expressive power of generative models with good classification accuracy and to infer part of its knowledge from incomplete training data.