{"title":"Multi-granular aggregation of network flows for security analysis","authors":"Tao Ding, Ahmed Aleroud, George Karabatis","doi":"10.1109/ISI.2015.7165965","DOIUrl":null,"url":null,"abstract":"Investigating network flows is an approach to detecting attacks by identifying known patterns. Flow statistics are used to discover anomalies by aggregating network traces and then using machine-learning classifiers to discover suspicious activities. However, the efficiency and effectiveness of the flow classification models depend on the granularity of aggregation. This paper describes a novel approach that aggregates packets into network flows and correlates them with security events generated by payload-based IDSs for detection of cyber-attacks.","PeriodicalId":292352,"journal":{"name":"2015 IEEE International Conference on Intelligence and Security Informatics (ISI)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE International Conference on Intelligence and Security Informatics (ISI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISI.2015.7165965","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Multi-granular aggregation of network flows for security analysis
Investigating network flows is an approach to detecting attacks by identifying known patterns. Flow statistics are used to discover anomalies by aggregating network traces and then using machine-learning classifiers to discover suspicious activities. However, the efficiency and effectiveness of the flow classification models depend on the granularity of aggregation. This paper describes a novel approach that aggregates packets into network flows and correlates them with security events generated by payload-based IDSs for detection of cyber-attacks.