Behavioral clustering of non-stationary IP flow record data
Hammerschmidt et al., 2016
- Document ID
- 3186356516985810133
- Author
- Hammerschmidt C
- Marchal S
- State R
- Verwer S
- Publication year
- 2016
- Publication venue
- 2016 12th International Conference on Network and Service Management (CNSM)
Snippet
Automated network traffic analysis using machine learning techniques plays an important role in managing networks and IT infrastructure. A key challenge to the correct and effective application of machine learning is dealing with non-stationary learning data sources and …
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
- G06K9/62—Methods or arrangements for recognition using electronic means
- G06K9/6267—Classification techniques
- G06K9/6279—Classification techniques relating to the number of classes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06K—RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K9/00—Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
- G06K9/62—Methods or arrangements for recognition using electronic means
- G06K9/6217—Design or setup of recognition systems and techniques; Extraction of features in feature space; Clustering techniques; Blind source separation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/02—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data
- H04L43/026—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data using flow generation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/26—Monitoring arrangements; Testing arrangements
- H04L12/2602—Monitoring arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N99/00—Subject matter not provided for in other groups of this subclass
- G06N99/005—Learning machines, i.e. computer in which a programme is changed according to experience gained by the machine itself during a complete run
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/12—Arrangements for maintenance or administration or management of packet switching networks network topology discovery or management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/06—Arrangements for maintenance or administration or management of packet switching networks involving management of faults or events or alarms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/54—Store-and-forward switching systems
Similar Documents
Publication | Title | Publication Date |
---|---|---|
Tan et al. | A system for denial-of-service attack detection based on multivariate correlation analysis | |
Javaid et al. | A deep learning approach for network intrusion detection system | |
Gogoi et al. | MLH-IDS: a multi-level hybrid intrusion detection method | |
Farid et al. | Combining naive bayes and decision tree for adaptive intrusion detection | |
Saxena et al. | Intrusion detection in KDD99 dataset using SVM-PSO and feature reduction with information gain | |
Hammerschmidt et al. | Behavioral clustering of non-stationary IP flow record data | |
Su et al. | Hierarchical clustering based network traffic data reduction for improving suspicious flow detection | |
CN109150859B (en) | Botnet detection method based on network traffic flow direction similarity | |
CN115277178B (en) | Abnormality monitoring method, device and storage medium based on enterprise network flow | |
Bolzoni et al. | Panacea: Automating attack classification for anomaly-based network intrusion detection systems | |
EP3948604A1 (en) | Computer security | |
CN114143037A (en) | Malicious encrypted channel detection method based on process behavior analysis | |
Al-mamory et al. | Evaluation of different data mining algorithms with kdd cup 99 data set | |
Zali et al. | Real-time attack scenario detection via intrusion detection alert correlation | |
Rajora | Reviews research on applying machine learning techniques to reduce false positives for network intrusion detection systems | |
Özdel et al. | Payload-based network traffic analysis for application classification and intrusion detection | |
Ourston et al. | Coordinated internet attacks: responding to attack complexity | |
Zwane et al. | Ensemble learning approach for flow-based intrusion detection system | |
Pandeeswari et al. | Analysis of intrusion detection using machine learning techniques | |
Hammerschmidt et al. | Efficient learning of communication profiles from ip flow records | |
Nalavade et al. | Evaluation of k-means clustering for effective intrusion detection and prevention in massive network traffic data | |
Shin et al. | False alarm classification model for network-based intrusion detection system | |
Abdullah et al. | TiSEFE: Time series evolving fuzzy engine for network traffic classification | |
CN118282707A (en) | An Intrusion Detection Method Based on Incremental Training | |
Kim et al. | Improving botnet detection with recurrent neural network and transfer learning |