Name
Abstract | ||
|---|---|---|
While Anomaly Detection is commonly accepted as an appropriate technique to uncover yet unknown network misuse patterns and malware, detection rates are often diminished by, e.g., unpredictable user behavior, new applications and concept changes. In this paper, we propose and evaluate the benefits of using clustering methods for data preprocessing in Anomaly Detection in order to improve detection rates even in the presence of such events. We study our pre-clustering approach for different features such as IP addresses, traffic characteristics and application layer protocols. Our results obtained by analyzing detection rates for real network traffic with actual intrusions indicates that our approach does indeed significantly improve detection rates and, moreover, is practically feasible. |
Year | DOI | Venue |
|---|---|---|
2016 | 10.5220/0005953003910396 | SECRYPT |
Keywords | Field | DocType |
Computer Networks,Network Anomaly Detection,Clustering | Data mining,Anomaly detection,Application layer,Computer security,Computer science,Data pre-processing,Anomaly-based intrusion detection system,Artificial intelligence,Cluster analysis,Malware,Machine learning | Conference |
Citations | PageRank | References |
0 | 0.34 | 3 |
Authors | ||
3 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Denis Hock | 1 | 1 | 0.69 |
| Martin Kappes | 2 | 26 | 8.84 |
| B. V. Ghita | 3 | 73 | 24.16 |