建模和可视化SSH暴力攻击行为通过混合学习框架

Int. J. Inf. Comput. Secur. Pub Date : 2021-08-27 DOI:10.1504/ijics.2021.10040719

Xiao Luo, Chengchao Yao, A. N. Zincir-Heywood

{"title":"建模和可视化SSH暴力攻击行为通过混合学习框架","authors":"Xiao Luo, Chengchao Yao, A. N. Zincir-Heywood","doi":"10.1504/ijics.2021.10040719","DOIUrl":null,"url":null,"abstract":"Much research has focused on increasing the network anomaly detection rate while reducing the false positive rate through exploring different learning algorithms. However, many of the learning algorithms work as a 'black box' and do not provide insight into the anomaly behaviours to support the decision-making process. This research explores a proposed hybrid learning framework to model and visualise the host-based normal and attack network behaviours. The framework consists of two major learning components: the self-organising map (SOM) is employed to recognise the network flow clusters and to visualise them on a two-dimensional space; and the Association Rule Mining (ARM) algorithm is deployed to analyse and interpret the traffic behaviours within clusters. The proposed learning framework is evaluated on six SSH traffic sets to measure how successful it is at extracting and interpreting the patterns representing normal and attack behaviours.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-08-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Modelling and visualising SSH brute force attack behaviours through a hybrid learning framework\",\"authors\":\"Xiao Luo, Chengchao Yao, A. N. Zincir-Heywood\",\"doi\":\"10.1504/ijics.2021.10040719\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Much research has focused on increasing the network anomaly detection rate while reducing the false positive rate through exploring different learning algorithms. However, many of the learning algorithms work as a 'black box' and do not provide insight into the anomaly behaviours to support the decision-making process. This research explores a proposed hybrid learning framework to model and visualise the host-based normal and attack network behaviours. The framework consists of two major learning components: the self-organising map (SOM) is employed to recognise the network flow clusters and to visualise them on a two-dimensional space; and the Association Rule Mining (ARM) algorithm is deployed to analyse and interpret the traffic behaviours within clusters. The proposed learning framework is evaluated on six SSH traffic sets to measure how successful it is at extracting and interpreting the patterns representing normal and attack behaviours.\",\"PeriodicalId\":164016,\"journal\":{\"name\":\"Int. J. Inf. Comput. Secur.\",\"volume\":\"31 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-08-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Int. J. Inf. Comput. Secur.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1504/ijics.2021.10040719\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Inf. Comput. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/ijics.2021.10040719","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

很多研究都是通过探索不同的学习算法来提高网络异常检出率，同时降低误报率。然而，许多学习算法就像一个“黑匣子”，不能提供对异常行为的洞察，以支持决策过程。本研究探索了一个拟议的混合学习框架，以建模和可视化基于主机的正常和攻击网络行为。该框架由两个主要的学习组件组成:自组织映射(SOM)用于识别网络流集群并在二维空间上可视化它们;并利用关联规则挖掘(ARM)算法分析和解释集群内的流量行为。提出的学习框架在六个SSH流量集上进行评估，以衡量它在提取和解释表示正常行为和攻击行为的模式方面的成功程度。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Modelling and visualising SSH brute force attack behaviours through a hybrid learning framework

Much research has focused on increasing the network anomaly detection rate while reducing the false positive rate through exploring different learning algorithms. However, many of the learning algorithms work as a 'black box' and do not provide insight into the anomaly behaviours to support the decision-making process. This research explores a proposed hybrid learning framework to model and visualise the host-based normal and attack network behaviours. The framework consists of two major learning components: the self-organising map (SOM) is employed to recognise the network flow clusters and to visualise them on a two-dimensional space; and the Association Rule Mining (ARM) algorithm is deployed to analyse and interpret the traffic behaviours within clusters. The proposed learning framework is evaluated on six SSH traffic sets to measure how successful it is at extracting and interpreting the patterns representing normal and attack behaviours.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Int. J. Inf. Comput. Secur.

自引率

0.00%

发文量