Relevant bibliographies by topics / Unsupervised intrusion detection

Contents

  1. Journal articles
  2. Dissertations / Theses
  3. Book chapters
  4. Conference papers

Academic literature on the topic 'Unsupervised intrusion detection'

Author: Grafiati
Published: 2 July 2021
Last updated: 3 February 2022

Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles

Select a source type:

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Unsupervised intrusion detection.'

Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.

You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.

Journal articles on the topic "Unsupervised intrusion detection"

1

ZHONG, SHI, TAGHI M. KHOSHGOFTAAR, and NAEEM SELIYA. "CLUSTERING-BASED NETWORK INTRUSION DETECTION." International Journal of Reliability, Quality and Safety Engineering 14, no. 02 (April 2007): 169–87. http://dx.doi.org/10.1142/s0218539307002568.

Full text
Abstract:
Recently data mining methods have gained importance in addressing network security issues, including network intrusion detection — a challenging task in network security. Intrusion detection systems aim to identify attacks with a high detection rate and a low false alarm rate. Classification-based data mining models for intrusion detection are often ineffective in dealing with dynamic changes in intrusion patterns and characteristics. Consequently, unsupervised learning methods have been given a closer look for network intrusion detection. We investigate multiple centroid-based unsupervised clustering algorithms for intrusion detection, and propose a simple yet effective self-labeling heuristic for detecting attack and normal clusters of network traffic audit data. The clustering algorithms investigated include, k-means, Mixture-Of-Spherical Gaussians, Self-Organizing Map, and Neural-Gas. The network traffic datasets provided by the DARPA 1998 offline intrusion detection project are used in our empirical investigation, which demonstrates the feasibility and promise of unsupervised learning methods for network intrusion detection. In addition, a comparative analysis shows the advantage of clustering-based methods over supervised classification techniques in identifying new or unseen attack types.
APA, Harvard, Vancouver, ISO, and other styles
2

Hajamydeen, Asif Iqbal, and Nur Izura Udzir. "A Detailed Description on Unsupervised Heterogeneous Anomaly Based Intrusion Detection Framework." Scalable Computing: Practice and Experience 20, no. 1 (March 9, 2019): 113–60. http://dx.doi.org/10.12694/scpe.v20i1.1465.

Full text
Abstract:
Observing network traffic flow for anomalies is a common method in Intrusion Detection. More effort has been taken in utilizing the data mining and machine learning algorithms to construct anomaly based intrusion detection systems, but the dependency on the learned models that were built based on earlier network behaviour still exists, which restricts those methods in detecting new or unknown intrusions. Consequently, this investigation proposes a structure to identify an extensive variety of abnormalities by analysing heterogeneous logs, without utilizing either a prepared model of system transactions or the attributes of anomalies. To accomplish this, a current segment (clustering) has been used and a few new parts (filtering, aggregating and feature analysis) have been presented. Several logs from multiple sources are used as input and this data are processed by all the modules of the framework. As each segment is instrumented for a particular undertaking towards a definitive objective, the commitment of each segment towards abnormality recognition is estimated with various execution measurements. Ultimately, the framework is able to detect a broad range of intrusions exist in the logs without using either the attack knowledge or the traffic behavioural models. The result achieved shows the direction or pathway to design anomaly detectors that can utilize raw traffic logs collected from heterogeneous sources on the network monitored and correlate the events across the logs to detect intrusions.
APA, Harvard, Vancouver, ISO, and other styles
3

Zoppi, Tommaso, Mohamad Gharib, Muhammad Atif, and Andrea Bondavalli. "Meta-Learning to Improve Unsupervised Intrusion Detection in Cyber-Physical Systems." ACM Transactions on Cyber-Physical Systems 5, no. 4 (October 31, 2021): 1–27. http://dx.doi.org/10.1145/3467470.

Full text
Abstract:
Artificial Intelligence (AI)- based classifiers rely on Machine Learning (ML) algorithms to provide functionalities that system architects are often willing to integrate into critical Cyber-Physical Systems (CPSs) . However, such algorithms may misclassify observations, with potential detrimental effects on the system itself or on the health of people and of the environment. In addition, CPSs may be subject to threats that were not previously known, motivating the need for building Intrusion Detectors (IDs) that can effectively deal with zero-day attacks. Different studies were directed to compare misclassifications of various algorithms to identify the most suitable one for a given system. Unfortunately, even the most suitable algorithm may still show an unsatisfactory number of misclassifications when system requirements are strict. A possible solution may rely on the adoption of meta-learners, which build ensembles of base-learners to reduce misclassifications and that are widely used for supervised learning. Meta-learners have the potential to reduce misclassifications with respect to non-meta learners: however, misleading base-learners may let the meta-learner leaning towards misclassifications and therefore their behavior needs to be carefully assessed through empirical evaluation. To such extent, in this paper we investigate, expand, empirically evaluate, and discuss meta-learning approaches that rely on ensembles of unsupervised algorithms to detect (zero-day) intrusions in CPSs. Our experimental comparison is conducted by means of public datasets belonging to network intrusion detection and biometric authentication systems, which are common IDSs for CPSs. Overall, we selected 21 datasets, 15 unsupervised algorithms and 9 different meta-learning approaches. Results allow discussing the applicability and suitability of meta-learning for unsupervised anomaly detection, comparing metric scores achieved by base algorithms and meta-learners. Analyses and discussion end up showing how the adoption of meta-learners significantly reduces misclassifications when detecting (zero-day) intrusions in CPSs.
APA, Harvard, Vancouver, ISO, and other styles
4

Meira, Jorge. "Comparative Results with Unsupervised Techniques in Cyber Attack Novelty Detection." Proceedings 2, no. 18 (September 17, 2018): 1191. http://dx.doi.org/10.3390/proceedings2181191.

Full text
Abstract:
Intrusion detection is a major necessity in current times. Computer systems are constantly being victims of malicious attacks. These attacks keep on exploring new technics that are undetected by current Intrusion Detection Systems (IDS), because most IDS focus on detecting signatures of previously known attacks. This work explores some unsupervised learning algorithms that have the potential of identifying previously unknown attacks, by performing outlier detection. The algorithms explored are one class based: the Autoencoder Neural Network, K-Means, Nearest Neighbor and Isolation Forest. There algorithms were used to analyze two publicly available datasets, the NSL-KDD and ISCX, and compare the results obtained from each algorithm to perceive their performance in novelty detection.
APA, Harvard, Vancouver, ISO, and other styles
5

Casas, Pedro, Johan Mazel, and Philippe Owezarski. "Unsupervised Network Intrusion Detection Systems: Detecting the Unknown without Knowledge." Computer Communications 35, no. 7 (April 2012): 772–83. http://dx.doi.org/10.1016/j.comcom.2012.01.016.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Zhao, Yi Lin, and Qing Lei Zhou. "Intrusion Detection Method Based on LEGClust Algorithm." Applied Mechanics and Materials 263-266 (December 2012): 3025–33. http://dx.doi.org/10.4028/www.scientific.net/amm.263-266.3025.

Full text
Abstract:
Clustering analysis is a typical unsupervised learning technology in data mining, which can improve the efficiency of intrusion detection system. LEGClust cluster algorithm is a new clustering analysis technique and it can effectively find the arbitrary shape clusters hidden in the data. We apply this algorithm to the intrusion detection field and present an intrusion detection method. We introduce the real dissimilarity among data into the determination of data connection relationship. Experiment results on KDD CUP1999 Dataset show that LEGClust algorithm is an effective technique for intrusion detection and the improved LEGClust performs even better.
APA, Harvard, Vancouver, ISO, and other styles
7

Almalawi, Abdulmohsen, Adil Fahad, Zahir Tari, Asif Irshad Khan, Nouf Alzahrani, Sheikh Tahir Bakhsh, Madini O. Alassafi, Abdulrahman Alshdadi, and Sana Qaiyum. "Add-On Anomaly Threshold Technique for Improving Unsupervised Intrusion Detection on SCADA Data." Electronics 9, no. 6 (June 18, 2020): 1017. http://dx.doi.org/10.3390/electronics9061017.

Full text
Abstract:
Supervisory control and data acquisition (SCADA) systems monitor and supervise our daily infrastructure systems and industrial processes. Hence, the security of the information systems of critical infrastructures cannot be overstated. The effectiveness of unsupervised anomaly detection approaches is sensitive to parameter choices, especially when the boundaries between normal and abnormal behaviours are not clearly distinguishable. Therefore, the current approach in detecting anomaly for SCADA is based on the assumptions by which anomalies are defined; these assumptions are controlled by a parameter choice. This paper proposes an add-on anomaly threshold technique to identify the observations whose anomaly scores are extreme and significantly deviate from others, and then such observations are assumed to be ”abnormal”. The observations whose anomaly scores are significantly distant from ”abnormal” ones will be assumed as ”normal”. Then, the ensemble-based supervised learning is proposed to find a global and efficient anomaly threshold using the information of both ”normal”/”abnormal” behaviours. The proposed technique can be used for any unsupervised anomaly detection approach to mitigate the sensitivity of such parameters and improve the performance of the SCADA unsupervised anomaly detection approaches. Experimental results confirm that the proposed technique achieved a significant improvement compared to the state-of-the-art of two unsupervised anomaly detection algorithms.
APA, Harvard, Vancouver, ISO, and other styles
8

Li, Longlong, Qin Chen, Shuiming Chi, and Xiaohang Liu. "Unsupervised Intrusion Detection based on FCM and Vote Mechanism." Information Technology Journal 13, no. 1 (December 15, 2013): 133–39. http://dx.doi.org/10.3923/itj.2014.133.139.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Iraqi, Omar, and Hanan El Bakkali. "Application-Level Unsupervised Outlier-Based Intrusion Detection and Prevention." Security and Communication Networks 2019 (July 28, 2019): 1–13. http://dx.doi.org/10.1155/2019/8368473.

Full text
Abstract:
As cyber threats are permanently jeopardizing individuals privacy and organizations’ security, there have been several efforts to empower software applications with built-in immunity. In this paper, we present our approach to immune applications through application-level, unsupervised, outlier-based intrusion detection and prevention. Our framework allows tracking application domain objects all along the processing lifecycle. It also leverages the application business context and learns from production data, without creating any training burden on the application owner. Moreover, as our framework uses runtime application instrumentation, it incurs no additional cost on the application provider. We build a fine-grained and rich-feature application behavioral model that gets down to the method level and its invocation context. We define features to be independent from the variable structure of method invocation parameters and returned values, while preserving security-relevant information. We implemented our framework in a Java environment and evaluated it on a widely-used, enterprise-grade, and open-source ERP. We tested several unsupervised outlier detection algorithms and distance functions. Our framework achieved the best results in terms of effectiveness using the Local Outlier Factor algorithm and the Clark distance, while the average instrumentation overhead per intercepted call remains acceptable.
APA, Harvard, Vancouver, ISO, and other styles
10

Min, Luo, Zhang Huan-guo, and Wang Li-na. "Research and implementation of unsupervised clustering-based intrusion detection." Wuhan University Journal of Natural Sciences 8, no. 3 (September 2003): 803–7. http://dx.doi.org/10.1007/bf02900819.

Full text
APA, Harvard, Vancouver, ISO, and other styles
More sources

Dissertations / Theses on the topic "Unsupervised intrusion detection"

1

Siddiqui, Abdul Jabbar. "Securing Connected and Automated Surveillance Systems Against Network Intrusions and Adversarial Attacks." Thesis, Université d'Ottawa / University of Ottawa, 2021. http://hdl.handle.net/10393/42345.

Full text
Abstract:
In the recent years, connected surveillance systems have been witnessing an unprecedented evolution owing to the advancements in internet of things and deep learning technologies. However, vulnerabilities to various kinds of attacks both at the cyber network-level and at the physical worldlevel are also rising. This poses danger not only to the devices but also to human life and property. The goal of this thesis is to enhance the security of an internet of things, focusing on connected video-based surveillance systems, by proposing multiple novel solutions to address security issues at the cyber network-level and to defend such systems at the physical world-level. In order to enhance security at the cyber network-level, this thesis designs and develops solutions to detect network intrusions in an internet of things such as surveillance cameras. The first solution is a novel method for network flow features transformation, named TempoCode. It introduces a temporal codebook-based encoding of flow features based on capturing the key patterns of benign traffic in a learnt temporal codebook. The second solution takes an unsupervised learning-based approach and proposes four methods to build efficient and adaptive ensembles of neural networks-based autoencoders for intrusion detection in internet of things such as surveillance cameras. To address the physical world-level attacks, this thesis studies, for the first time to the best of our knowledge, adversarial patches-based attacks against a convolutional neural network (CNN)- based surveillance system designed for vehicle make and model recognition (VMMR). The connected video-based surveillance systems that are based on deep learning models such as CNNs are highly vulnerable to adversarial machine learning-based attacks that could trick and fool the surveillance systems. In addition, this thesis proposes and evaluates a lightweight defense solution called SIHFR to mitigate the impact of such adversarial-patches on CNN-based VMMR systems, leveraging the symmetry in vehicles’ face images. The experimental evaluations on recent realistic intrusion detection datasets prove the effectiveness of the developed solutions, in comparison to state-of-the-art, in detecting intrusions of various types and for different devices. Moreover, using a real-world surveillance dataset, we demonstrate the effectiveness of the SIHFR defense method which does not require re-training of the target VMMR model and adds only a minimal overhead. The solutions designed and developed in this thesis shall pave the way forward for future studies to develop efficient intrusion detection systems and adversarial attacks mitigation methods for connected surveillance systems such as VMMR.
APA, Harvard, Vancouver, ISO, and other styles
2

Song, Jungsuk. "Studies on High-Performance Network Intrusion Detection System Based on Unsupervised Machine Learning." 京都大学 (Kyoto University), 2009. http://hdl.handle.net/2433/123840.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Dang, Binh Hy. "Evaluation of Unsupervised Learning Techniques for Intrusion Detection in Mobile Ad Hoc Networks." NSUWorks, 2014. http://nsuworks.nova.edu/gscis_etd/128.

Full text
Abstract:
Anomaly detection in mobile ad hoc network (MANET) is a relatively new area of research. The lack of fixed infrastructure, limited resources, and dynamic topology present numerous problems in MANET security. Recently, several machine learning and data mining techniques have been proposed for anomaly detection in MANETs. In addition, researchers continue to examine new unsupervised detection techniques. As the number of unsupervised learning techniques grows, there is a lack of evidence to support the use of one technique over another. This dissertation research conducted a set of experiments to evaluate the effectiveness of different unsupervised learning techniques for anomaly detection in MANETs, more specifically, the K-means, the C-means, the Fixed-width clustering, the Principal Component Analysis, and the One-class Support Vector Machine. While the main goal of the research was to compare performance of the unsupervised learning techniques, this dissertation research also investigated: i) tradeoffs between competing factors such as high detection performance and limited resource utilization, ii) the impact of normal profile selection models on anomaly detection, iii) the influence of the link change rate as the weighting function on the unsupervised learning algorithms and iv) the influence of decision thresholds on the detection techniques. The results of this dissertation research showed that both K-means and C-means delivered the best performance when using different normal profile models. The results indicated that direct application of clustering techniques provided a worse average performance than that of trained clusters. This dissertation research found that a small value for the time slot was preferred for all techniques. Moreover, a short training interval was also preferred. These preferences appeared to provide better performance while minimizing resource usage (e.g. execution time, CPU, and memory usages). Additionally, the method of using only the initial training data set was found to provide a comparable performance to that of random, recent, and adaptive normal profile models, but required the least resource usage. Finally, the study found that the application of link change rate as the weighting function to adjust the importance of the time slot had no influence on all techniques. Choosing appropriate parameter and decision thresholds for each detection algorithm had a significant influence on maximizing the performance results.
APA, Harvard, Vancouver, ISO, and other styles
4

Mathur, Nitin O. "Application of Autoencoder Ensembles in Anomaly and Intrusion Detection using Time-Based Analysis." University of Cincinnati / OhioLINK, 2020. http://rave.ohiolink.edu/etdc/view?acc_num=ucin161374876195402.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

Labonne, Maxime. "Anomaly-based network intrusion detection using machine learning." Electronic Thesis or Diss., Institut polytechnique de Paris, 2020. http://www.theses.fr/2020IPPAS011.

Full text
Abstract:
Ces dernières années, le piratage est devenu une industrie à part entière, augmentant le nombre et la diversité des cyberattaques. Les menaces qui pèsent sur les réseaux informatiques vont des logiciels malveillants aux attaques par déni de service, en passant par le phishing et l'ingénierie sociale. Un plan de cybersécurité efficace ne peut plus reposer uniquement sur des antivirus et des pare-feux pour contrer ces menaces : il doit inclure plusieurs niveaux de défense. Les systèmes de détection d'intrusion (IDS) réseaux sont un moyen complémentaire de renforcer la sécurité, avec la possibilité de surveiller les paquets de la couche 2 (liaison) à la couche 7 (application) du modèle OSI. Les techniques de détection d'intrusion sont traditionnellement divisées en deux catégories : la détection par signatures et la détection par anomalies. La plupart des IDS utilisés aujourd'hui reposent sur la détection par signatures ; ils ne peuvent cependant détecter que des attaques connues. Les IDS utilisant la détection par anomalies sont capables de détecter des attaques inconnues, mais sont malheureusement moins précis, ce qui génère un grand nombre de fausses alertes. Dans ce contexte, la création d'IDS précis par anomalies est d'un intérêt majeur pour pouvoir identifier des attaques encore inconnues.Dans cette thèse, les modèles d'apprentissage automatique sont étudiés pour créer des IDS qui peuvent être déployés dans de véritables réseaux informatiques. Tout d'abord, une méthode d'optimisation en trois étapes est proposée pour améliorer la qualité de la détection : 1/ augmentation des données pour rééquilibrer les jeux de données, 2/ optimisation des paramètres pour améliorer les performances du modèle et 3/ apprentissage ensembliste pour combiner les résultats des meilleurs modèles. Les flux détectés comme des attaques peuvent être analysés pour générer des signatures afin d'alimenter les bases de données d'IDS basées par signatures. Toutefois, cette méthode présente l'inconvénient d'exiger des jeux de données étiquetés, qui sont rarement disponibles dans des situations réelles. L'apprentissage par transfert est donc étudié afin d'entraîner des modèles d'apprentissage automatique sur de grands ensembles de données étiquetés, puis de les affiner sur le trafic normal du réseau à surveiller. Cette méthode présente également des défauts puisque les modèles apprennent à partir d'attaques déjà connues, et n'effectuent donc pas réellement de détection d'anomalies. C'est pourquoi une nouvelle solution basée sur l'apprentissage non supervisé est proposée. Elle utilise l'analyse de l'en-tête des protocoles réseau pour modéliser le comportement normal du trafic. Les anomalies détectées sont ensuite regroupées en attaques ou ignorées lorsqu'elles sont isolées. Enfin, la détection la congestion réseau est étudiée. Le taux d'utilisation de la bande passante entre les différents liens est prédit afin de corriger les problèmes avant qu'ils ne se produisent
In recent years, hacking has become an industry unto itself, increasing the number and diversity of cyber attacks. Threats on computer networks range from malware to denial of service attacks, phishing and social engineering. An effective cyber security plan can no longer rely solely on antiviruses and firewalls to counter these threats: it must include several layers of defence. Network-based Intrusion Detection Systems (IDSs) are a complementary means of enhancing security, with the ability to monitor packets from OSI layer 2 (Data link) to layer 7 (Application). Intrusion detection techniques are traditionally divided into two categories: signatured-based (or misuse) detection and anomaly detection. Most IDSs in use today rely on signature-based detection; however, they can only detect known attacks. IDSs using anomaly detection are able to detect unknown attacks, but are unfortunately less accurate, which generates a large number of false alarms. In this context, the creation of precise anomaly-based IDS is of great value in order to be able to identify attacks that are still unknown.In this thesis, machine learning models are studied to create IDSs that can be deployed in real computer networks. Firstly, a three-step optimization method is proposed to improve the quality of detection: 1/ data augmentation to rebalance the dataset, 2/ parameters optimization to improve the model performance and 3/ ensemble learning to combine the results of the best models. Flows detected as attacks can be analyzed to generate signatures to feed signature-based IDS databases. However, this method has the disadvantage of requiring labelled datasets, which are rarely available in real-life situations. Transfer learning is therefore studied in order to train machine learning models on large labeled datasets, then finetune them on benign traffic of the network to be monitored. This method also has flaws since the models learn from already known attacks, and therefore do not actually perform anomaly detection. Thus, a new solution based on unsupervised learning is proposed. It uses network protocol header analysis to model normal traffic behavior. Anomalies detected are then aggregated into attacks or ignored when isolated. Finally, the detection of network congestion is studied. The bandwidth utilization between different links is predicted in order to correct issues before they occur
APA, Harvard, Vancouver, ISO, and other styles
6

Tjhai, Gina C. "Anomaly-based correlation of IDS alarms." Thesis, University of Plymouth, 2011. http://hdl.handle.net/10026.1/308.

Full text
Abstract:
An Intrusion Detection System (IDS) is one of the major techniques for securing information systems and keeping pace with current and potential threats and vulnerabilities in computing systems. It is an indisputable fact that the art of detecting intrusions is still far from perfect, and IDSs tend to generate a large number of false IDS alarms. Hence human has to inevitably validate those alarms before any action can be taken. As IT infrastructure become larger and more complicated, the number of alarms that need to be reviewed can escalate rapidly, making this task very difficult to manage. The need for an automated correlation and reduction system is therefore very much evident. In addition, alarm correlation is valuable in providing the operators with a more condensed view of potential security issues within the network infrastructure. The thesis embraces a comprehensive evaluation of the problem of false alarms and a proposal for an automated alarm correlation system. A critical analysis of existing alarm correlation systems is presented along with a description of the need for an enhanced correlation system. The study concludes that whilst a large number of works had been carried out in improving correlation techniques, none of them were perfect. They either required an extensive level of domain knowledge from the human experts to effectively run the system or were unable to provide high level information of the false alerts for future tuning. The overall objective of the research has therefore been to establish an alarm correlation framework and system which enables the administrator to effectively group alerts from the same attack instance and subsequently reduce the volume of false alarms without the need of domain knowledge. The achievement of this aim has comprised the proposal of an attribute-based approach, which is used as a foundation to systematically develop an unsupervised-based two-stage correlation technique. From this formation, a novel SOM K-Means Alarm Reduction Tool (SMART) architecture has been modelled as the framework from which time and attribute-based aggregation technique is offered. The thesis describes the design and features of the proposed architecture, focusing upon the key components forming the underlying architecture, the alert attributes and the way they are processed and applied to correlate alerts. The architecture is strengthened by the development of a statistical tool, which offers a mean to perform results or alert analysis and comparison. The main concepts of the novel architecture are validated through the implementation of a prototype system. A series of experiments were conducted to assess the effectiveness of SMART in reducing false alarms. This aimed to prove the viability of implementing the system in a practical environment and that the study has provided appropriate contribution to knowledge in this field.
APA, Harvard, Vancouver, ISO, and other styles
7

Awodokun, Olugbenga. "Classification of Patterns in Streaming Data Using Clustering Signatures." University of Cincinnati / OhioLINK, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1504880155623189.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Pierrot, David. "Détection dynamique des intrusions dans les systèmes informatiques." Thesis, Lyon, 2018. http://www.theses.fr/2018LYSE2077.

Full text
Abstract:
La démocratisation d’Internet, couplée à l’effet de la mondialisation, a pour résultat d’interconnecter les personnes, les états et les entreprises. Le côté déplaisant de cette interconnexion mondiale des systèmes d’information réside dans un phénomène appelé « Cybercriminalité ». Des personnes, des groupes mal intentionnés ont pour objectif de nuire à l’intégrité des systèmes d’information dans un but financier ou pour servir une cause. Les conséquences d’une intrusion peuvent s’avérer problématiques pour l’existence d’une entreprise ou d’une organisation. Les impacts sont synonymes de perte financière, de dégradation de l’image de marque et de manque de sérieux. La détection d’une intrusion n’est pas une finalité en soit, la réduction du delta détection-réaction est devenue prioritaire. Les différentes solutions existantes s’avèrent être relativement lourdes à mettre place aussi bien en matière de compétence que de mise à jour. Les travaux de recherche ont permis d’identifier les méthodes de fouille de données les plus performantes mais l’intégration dans une système d’information reste difficile. La capture et la conversion des données demandent des ressources de calcul importantes et ne permettent pas forcément une détection dans des délais acceptables. Notre contribution permet, à partir d’une quantité de données relativement moindre de détecter les intrusions. Nous utilisons les événements firewall ce qui réduit les besoins en terme de puissance de calcul tout en limitant la connaissance du système d’information par les personnes en charge de la détection des intrusions. Nous proposons une approche prenant en compte les aspects techniques par l’utilisation d’une méthode hybride de fouille de données mais aussi les aspects fonctionnels. L’addition de ces deux aspects est regroupé en quatre phases. La première phase consiste à visualiser et identifier les activités réseau. La deuxième phase concerne la détection des activités anormales en utilisant des méthodes de fouille de données sur la source émettrice de flux mais également sur les actifs visés. Les troisième et quatrième phases utilisent les résultats d’une analyse de risque et d’audit technique de sécurité pour une prioritisation des actions à mener. L’ensemble de ces points donne une vision générale sur l’hygiène du système d’information mais aussi une orientation sur la surveillance et les corrections à apporter. L’approche développée a donné lieu à un prototype nommé D113. Ce prototype, testé sur une plate-forme d’expérimentation sur deux architectures de taille différentes a permis de valider nos orientations et approches. Les résultats obtenus sont positifs mais perfectibles. Des perspectives ont été définies dans ce sens
The expansion and democratization of the digital world coupled with the effect of the Internet globalization, has allowed individuals, countries, states and companies to interconnect and interact at incidence levels never previously imagined. Cybercrime, in turn, is unfortunately one the negative aspects of this rapid global interconnection expansion. We often find malicious individuals and/or groups aiming to undermine the integrity of Information Systems for either financial gain or to serve a cause. The consequences of an intrusion can be problematic for the existence of a company or an organization. The impacts are synonymous with financial loss, brand image degradation and lack of seriousness. The detection of an intrusion is not an end in itself, the reduction of the delta detection-reaction has become a priority. The different existing solutions prove to be cumbersome to set up. Research has identified more efficient data mining methods, but integration into an information system remains difficult. Capturing and converting protected resource data does not allow detection within acceptable time frames. Our contribution helps to detect intrusions. Protect us against Firewall events which reduces the need for computing power while limiting the knowledge of the information system by intrusion detectors. We propose an approach taking into account the technical aspects by the use of a hybrid method of data mining but also the functional aspects. The addition of these two aspects is grouped into four phases. The first phase is to visualize and identify network activities. The second phase concerns the detection of abnormal activities using data mining methods on the source of the flow but also on the targeted assets. The third and fourth phases use the results of a risk analysis and a safety verification technique to prioritize the actions to be carried out. All these points give a general vision on the hygiene of the information system but also a direction on monitoring and corrections to be made.The approach developed to a prototype named D113. This prototype, tested on a platform of experimentation in two architectures of different size made it possible to validate our orientations and approaches. The results obtained are positive but perfectible. Prospects have been defined in this direction
APA, Harvard, Vancouver, ISO, and other styles
9

Stomeo, Carlo. "Applying Machine Learning to Cyber Security." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2018. http://amslaurea.unibo.it/17303/.

Full text
Abstract:
Intrusion Detection Systems (IDS) nowadays are a very important part of a system. In the last years many methods have been proposed to implement this kind of security measure against cyber attacks, including Machine Learning and Data Mining based. In this work we discuss in details the family of anomaly based IDSs, which are able to detect never seen attacks, paying particular attention to adherence to the FAIR principles. This principles include the Accessibility and the Reusability of software. Moreover, as the purpose of this work is the assessment of what is going on in the state of the art we have selected three approaches, according to their reproducibility and we have compared their performances with a common experimental setting. Lastly real world use case has been analyzed, resulting in the proposal of an usupervised ML model for pre-processing and analyzing web server logs. The proposed solution uses clustering and outlier detection techniques to detect attacks in an unsupervised way.
APA, Harvard, Vancouver, ISO, and other styles
10

Lu, Wei. "Unsupervised anomaly detection framework for multiple-connection based network intrusions." Thesis, 2005. http://hdl.handle.net/1828/1949.

Full text
Abstract:
In this dissertation, we propose an effective and efficient online unsupervised anomaly detection framework. The framework consists of new anomalousness metrics, named IP Weight, and a new hybrid clustering algorithm, named I-means. IP Weight metrics provide measures of anomalousness of IP packet flows on networks. A simple classification of network intrusions consists of distinguishing between single-connection based attacks and multiple-connection based attacks. The IP weight metrics proposed in this work characterize specifically multiple-connection based attacks. The definition of specific metrics for single-connection based attacks is left for future work. The I-means algorithm combines mixture resolving, a genetic algorithm automatically estimating the optimal number of clusters for a set of data, and the k-means algorithm for clustering. Three sets of experiments are conducted to evaluate our new unsupervised anomaly detection framework. The first experiment empirically validates that IP Weight metrics reduce dimensions of feature space characterizing IP packets at a level comparable with the principal component analysis technique. The second experiment is an offline evaluation based on 1998 DARPA intrusion detection dataset. In the offline evaluation, we compare our framework with three other unsupervised anomaly detection approaches, namely, plain k-means clustering, univariate outlier detection and multivariate outlier detection. Evaluation results show that the detection framework based on I-means yields the highest detection rate with a low false alarm rate. Specifically, it detects 18 types of attacks out of a total of 19 multiple-connection based attack types. The third experiment is an online evaluation in a live networking environment. The evaluation result not only confirms the detection effectiveness observed with the DARPA dataset, but also shows a good runtime efficiency, with response times falling within few seconds ranges.
APA, Harvard, Vancouver, ISO, and other styles

Book chapters on the topic "Unsupervised intrusion detection"

1

Singh, Jai Puneet, and Nizar Bouguila. "Intrusion Detection Using Unsupervised Approach." In Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 192–201. Cham: Springer International Publishing, 2017. http://dx.doi.org/10.1007/978-3-319-67837-5_18.

Full text
APA, Harvard, Vancouver, ISO, and other styles
2

Laskov, Pavel, Patrick Düssel, Christin Schäfer, and Konrad Rieck. "Learning Intrusion Detection: Supervised or Unsupervised?" In Image Analysis and Processing – ICIAP 2005, 50–57. Berlin, Heidelberg: Springer Berlin Heidelberg, 2005. http://dx.doi.org/10.1007/11553595_6.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Guan, Yu, Ali A. Ghorbani, and Nabil Belacel. "An Unsupervised Clustering Algorithm for Intrusion Detection." In Advances in Artificial Intelligence, 616–17. Berlin, Heidelberg: Springer Berlin Heidelberg, 2003. http://dx.doi.org/10.1007/3-540-44886-1_60.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Corona, Igino, Giorgio Giacinto, and Fabio Roli. "Intrusion Detection in Computer Systems Using Multiple Classifier Systems." In Supervised and Unsupervised Ensemble Methods and their Applications, 91–113. Berlin, Heidelberg: Springer Berlin Heidelberg, 2008. http://dx.doi.org/10.1007/978-3-540-78981-9_5.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

Makkar, Garima, Malini Jayaraman, and Sonam Sharma. "Network Intrusion Detection in an Enterprise: Unsupervised Analytical Methodology." In Data Management, Analytics and Innovation, 451–63. Singapore: Springer Singapore, 2018. http://dx.doi.org/10.1007/978-981-13-1402-5_34.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Park, Kyung Ho, Eunji Park, and Huy Kang Kim. "Unsupervised Intrusion Detection System for Unmanned Aerial Vehicle with Less Labeling Effort." In Information Security Applications, 45–58. Cham: Springer International Publishing, 2020. http://dx.doi.org/10.1007/978-3-030-65299-9_4.

Full text
APA, Harvard, Vancouver, ISO, and other styles
7

Kaur, Sanmeet, and Ishan Garg. "Ensemble Technique Based on Supervised and Unsupervised Learning Approach for Intrusion Detection." In Communications in Computer and Information Science, 228–38. Singapore: Springer Singapore, 2018. http://dx.doi.org/10.1007/978-981-13-1810-8_23.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Min, Erxue, Jun Long, Qiang Liu, Jianjing Cui, Zhiping Cai, and Junbo Ma. "SU-IDS: A Semi-supervised and Unsupervised Framework for Network Intrusion Detection." In Cloud Computing and Security, 322–34. Cham: Springer International Publishing, 2018. http://dx.doi.org/10.1007/978-3-030-00012-7_30.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Dahiya, Priyanka, and Devesh Kumar Srivastava. "A Comparative Evolution of Unsupervised Techniques for Effective Network Intrusion Detection in Hadoop." In Communications in Computer and Information Science, 279–87. Singapore: Springer Singapore, 2018. http://dx.doi.org/10.1007/978-981-13-1813-9_28.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Luo, Min, Lina Wang, Huanguo Zhang, and Jin Chen. "A Research on Intrusion Detection Based on Unsupervised Clustering and Support Vector Machine." In Information and Communications Security, 325–36. Berlin, Heidelberg: Springer Berlin Heidelberg, 2003. http://dx.doi.org/10.1007/978-3-540-39927-8_30.

Full text
APA, Harvard, Vancouver, ISO, and other styles

Conference papers on the topic "Unsupervised intrusion detection"

1

Zanero, Stefano, and Giuseppe Serazzi. "Unsupervised learning algorithms for intrusion detection." In NOMS 2008 - 2008 IEEE Network Operations and Management Symposium. IEEE, 2008. http://dx.doi.org/10.1109/noms.2008.4575276.

Full text
APA, Harvard, Vancouver, ISO, and other styles
2

Zhang, Jiong, and Mohammad Zulkernine. "Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection." In 2006 IEEE International Conference on Communications. IEEE, 2006. http://dx.doi.org/10.1109/icc.2006.255127.

Full text
APA, Harvard, Vancouver, ISO, and other styles
3

Wang, Zuohua. "Unsupervised intrusion detection algorithm based on association amendment." In 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD). IEEE, 2014. http://dx.doi.org/10.1109/fskd.2014.6980960.

Full text
APA, Harvard, Vancouver, ISO, and other styles
4

Zhang, Cuixiao, Guobing Zhang, and Shanshan Sun. "A Mixed Unsupervised Clustering-Based Intrusion Detection Model." In 2009 3rd International Conference on Genetic and Evolutionary Computing (WGEC). IEEE, 2009. http://dx.doi.org/10.1109/wgec.2009.72.

Full text
APA, Harvard, Vancouver, ISO, and other styles
5

Harbi, Nouria, and Emna Bahri. "Real detection intrusion using supervised and unsupervised learning." In 2013 International Conference of Soft Computing and Pattern Recognition (SoCPaR). IEEE, 2013. http://dx.doi.org/10.1109/socpar.2013.7054151.

Full text
APA, Harvard, Vancouver, ISO, and other styles
6

Ambusaidi, Mohammed A., Xiangjian He, and Priyadarsi Nanda. "Unsupervised Feature Selection Method for Intrusion Detection System." In 2015 IEEE Trustcom/BigDataSE/ISPA. IEEE, 2015. http://dx.doi.org/10.1109/trustcom.2015.387.

Full text
APA, Harvard, Vancouver, ISO, and other styles
7

Said, D., L. Stirling, P. Federolf, and K. Barker. "Data preprocessing for distance-based unsupervised Intrusion Detection." In 2011 Ninth Annual International Conference on Privacy, Security and Trust. IEEE, 2011. http://dx.doi.org/10.1109/pst.2011.5971981.

Full text
APA, Harvard, Vancouver, ISO, and other styles
8

Zanero, Stefano, and Sergio M. Savaresi. "Unsupervised learning techniques for an intrusion detection system." In the 2004 ACM symposium. New York, New York, USA: ACM Press, 2004. http://dx.doi.org/10.1145/967900.967988.

Full text
APA, Harvard, Vancouver, ISO, and other styles
9

Suman, Chanchal, Somanath Tripathy, and Sriparna Saha. "An Intrusion Detection System Using Unsupervised Feature Selection." In TENCON 2019 - 2019 IEEE Region 10 Conference (TENCON). IEEE, 2019. http://dx.doi.org/10.1109/tencon.2019.8929510.

Full text
APA, Harvard, Vancouver, ISO, and other styles
10

Hai, Yong J., Yu Wu, and Guo Y. Wang. "An improved unsupervised clustering-based intrusion detection method." In Defense and Security, edited by Belur V. Dasarathy. SPIE, 2005. http://dx.doi.org/10.1117/12.603086.

Full text
APA, Harvard, Vancouver, ISO, and other styles
You might also be interested in the extended bibliographies on the topic 'Unsupervised intrusion detection' for particular source types:
Journal articles
We offer discounts on all premium plans for authors whose works are included in thematic literature selections. Contact us to get a unique promo code!

To the bibliography