Applying One-Class Classification Techniques to IP Flow Records for Intrusion Detection

M. Umer, M. Sher, Y. Bi
DOI: 10.22364/BJMC.2017.5.1.05 (https://doi.org/10.22364/BJMC.2017.5.1.05)
Journal: Balt. J. Mod. Comput.
Published: 2017-03-23 (Journal Article)
Citations: 5
Record source: Semantic Scholar

Abstract

Flow-based intrusion detection systems analyze IP flow records to detect attacks against computer networks. IP flow records contain aggregated packet header information; therefore, the amount of data processed by the intrusion detection system is reduced. In addition, since no payload is analyzed, end-to-end encryption does not affect the deployment of an intermediate intrusion detection system. In this paper, we evaluate one-class classification techniques for detection of malicious flows at an initial stage of a multi-stage flow-based intrusion detection system. The initial stage uses minimal flow attributes and only decides whether the IP flow is normal or malicious. Since there is only one class of interest (malicious) at the initial stage, we use one-class classification for detection of malicious flows. In this paper, we review available one-class classification techniques and evaluate them on a flow-based dataset to determine their performance for detection of malicious flows. Our results show that one-class classification techniques using boundary methods give the best results in detection of malicious IP flows.