A detailed description on unsupervised heterogeneous anomaly based intrusion detection framework
Observing network traffic flow for anomalies is a common method in Intrusion Detection. More effort has been taken in utilizing the data mining and machine learning algorithms to construct anomaly based intrusion detection systems, but the dependency on the learned models that were built based on ea...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Universitatae de vest
2019
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/80413/1/ANOMALY.pdf http://psasir.upm.edu.my/id/eprint/80413/ https://www.scpe.org/index.php/scpe/article/view/1465 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Putra Malaysia |
| Language: | English |
| id |
my.upm.eprints.80413 |
|---|---|
| record_format |
eprints |
| spelling |
my.upm.eprints.804132020-11-06T18:55:26Z http://psasir.upm.edu.my/id/eprint/80413/ A detailed description on unsupervised heterogeneous anomaly based intrusion detection framework Udzir, Nur Izura Hajamydeen, Asif Iqbal Observing network traffic flow for anomalies is a common method in Intrusion Detection. More effort has been taken in utilizing the data mining and machine learning algorithms to construct anomaly based intrusion detection systems, but the dependency on the learned models that were built based on earlier network behaviour still exists, which restricts those methods in detecting new or unknown intrusions. Consequently, this investigation proposes a structure to identify an extensive variety of abnormalities by analysing heterogeneous logs, without utilizing either a prepared model of system transactions or the attributes of anomalies. To accomplish this, a current segment (clustering) has been used and a few new parts (filtering, aggregating and feature analysis) have been presented. Several logs from multiple sources are used as input and this data are processed by all the modules of the framework. As each segment is instrumented for a particular undertaking towards a definitive objective, the commitment of each segment towards abnormality recognition is estimated with various execution measurements. Ultimately, the framework is able to detect a broad range of intrusions exist in the logs without using either the attack knowledge or the traffic behavioural models. The result achieved shows the direction or pathway to design anomaly detectors that can utilize raw traffic logs collected from heterogeneous sources on the network monitored and correlate the events across the logs to detect intrusions. Universitatae de vest 2019 Article PeerReviewed text en http://psasir.upm.edu.my/id/eprint/80413/1/ANOMALY.pdf Udzir, Nur Izura and Hajamydeen, Asif Iqbal (2019) A detailed description on unsupervised heterogeneous anomaly based intrusion detection framework. Scalable Computing, 20 (1). pp. 113-160. ISSN 1895-1767 https://www.scpe.org/index.php/scpe/article/view/1465 10.12694/scpe.v20i1.1465 |
| institution |
Universiti Putra Malaysia |
| building |
UPM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Putra Malaysia |
| content_source |
UPM Institutional Repository |
| url_provider |
http://psasir.upm.edu.my/ |
| language |
English |
| description |
Observing network traffic flow for anomalies is a common method in Intrusion Detection. More effort has been taken in utilizing the data mining and machine learning algorithms to construct anomaly based intrusion detection systems, but the dependency on the learned models that were built based on earlier network behaviour still exists, which restricts those methods in detecting new or unknown intrusions. Consequently, this investigation proposes a structure to identify an extensive variety of abnormalities by analysing heterogeneous logs, without utilizing either a prepared model of system transactions or the attributes of anomalies. To accomplish this, a current segment (clustering) has been used and a few new parts (filtering, aggregating and feature analysis) have been presented. Several logs from multiple sources are used as input and this data are processed by all the modules of the framework. As each segment is instrumented for a particular undertaking towards a definitive objective, the commitment of each segment towards abnormality recognition is estimated with various execution measurements. Ultimately, the framework is able to detect a broad range of intrusions exist in the logs without using either the attack knowledge or the traffic behavioural models. The result achieved shows the direction or pathway to design anomaly detectors that can utilize raw traffic logs collected from heterogeneous sources on the network monitored and correlate the events across the logs to detect intrusions. |
| format |
Article |
| author |
Udzir, Nur Izura Hajamydeen, Asif Iqbal |
| spellingShingle |
Udzir, Nur Izura Hajamydeen, Asif Iqbal A detailed description on unsupervised heterogeneous anomaly based intrusion detection framework |
| author_facet |
Udzir, Nur Izura Hajamydeen, Asif Iqbal |
| author_sort |
Udzir, Nur Izura |
| title |
A detailed description on unsupervised heterogeneous anomaly based intrusion detection framework |
| title_short |
A detailed description on unsupervised heterogeneous anomaly based intrusion detection framework |
| title_full |
A detailed description on unsupervised heterogeneous anomaly based intrusion detection framework |
| title_fullStr |
A detailed description on unsupervised heterogeneous anomaly based intrusion detection framework |
| title_full_unstemmed |
A detailed description on unsupervised heterogeneous anomaly based intrusion detection framework |
| title_sort |
detailed description on unsupervised heterogeneous anomaly based intrusion detection framework |
| publisher |
Universitatae de vest |
| publishDate |
2019 |
| url |
http://psasir.upm.edu.my/id/eprint/80413/1/ANOMALY.pdf http://psasir.upm.edu.my/id/eprint/80413/ https://www.scpe.org/index.php/scpe/article/view/1465 |
| _version_ |
1683232224471678976 |