Anomaly detection using prior knowledge: application to TCP/IP traffic
- Authors
- Couchet, Jorge; Ferreira, Enrique; Manrique, Daniel; Carrascal, Alberto
- Year of publication
- 2006
- Language
- English
- Resource type
- conference paper
- Status
- published version
- Description
- This article introduces an approach to anomaly intrusion detection based on a combination of supervised and unsupervised machine learning algorithms. The main objective of this work is an effective modeling of the TCP/IP network traffic of an organization that allows the detection of anomalies with an efficient percentage of false positives for a production environment. The architecture proposed uses a hierarchy of Self-Organizing Maps for traffic modeling combined with Learning Vector Quantization techniques to ultimately classify network packets. The architecture is developed using the known SNORT intrusion detection system to preprocess network traffic. In comparison to other techniques, results obtained in this work show that acceptable levels of compromise between attack detection and false positive rates can be achieved.
IFIP International Conference on Artificial Intelligence in Theory and Practice - Neural Nets
Red de Universidades con Carreras en Informática (RedUNCI)
- Subject
- Computer Science; intrusion detection; false positive rates; self-organizing maps; Internet (e.g., TCP/IP); Architectures
- Accessibility level
- open access
- Terms of use
- http://creativecommons.org/licenses/by-nc-sa/2.5/ar/ (Creative Commons Attribution-NonCommercial-ShareAlike 2.5 Argentina, CC BY-NC-SA 2.5)
- Repository
- SEDICI (UNLP)
- Institution
- Universidad Nacional de La Plata
- OAI identifier
- oai:sedici.unlp.edu.ar:10915/23877
- URL
- http://sedici.unlp.edu.ar/handle/10915/23877
- ISBN
- 0-387-34654-6