On the usefulness of machine learning techniques in collaborative anomaly detection

Secil Senel-Kleine, Johannes Bouché, Martin Kappes
Published in: 2015 Internet Technologies and Applications (ITA), 2015-09-01
DOI: 10.1109/ITECHA.2015.7317397 (https://doi.org/10.1109/ITECHA.2015.7317397)
Citations: 1

Abstract

Due to the increase in network attacks, anomaly detection has gained importance. In this paper, we present and investigate the idea of institutions cooperating to perform anomaly detection, i.e. institutions jointly analyzing their network traffic in order to identify malicious attacks, using classification-based machine learning techniques. We compare the results of such a collaborative analysis with a single analysis. Moreover, as institutions might not be willing to share confidential data, we analyze the benefits of a collaborative approach if some parts of the traffic are anonymized. While, intuitively, having more data at hand should lead to improved detection rates, our results indicate that a federated analysis using standard classification-based methods improves detection rates only slightly. Moreover, when using anonymized data, the obtained detection rates of a joint data analysis further deteriorate such that the analysis of individual traffic is more useful. Thus, our research indicates that the classical classification-based machine learning approaches for anomaly detection must be adapted and improved in order to leverage the advantage of having data from various sources.