Automated network anomaly detection with learning, control and mitigation.
Record type: Bibliographic - electronic resource : Monograph/item
Title/Author: Automated network anomaly detection with learning, control and mitigation./
Author: Ippoliti, Dennis.
Extent: 197 p.
Notes: Source: Dissertation Abstracts International, Volume: 75-04(E), Section: B.
Contained By: Dissertation Abstracts International 75-04B(E).
Subject: Computer Science.
Electronic resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3607573
ISBN: 9781303651717
Thesis (Ph.D.)--University of Colorado at Colorado Springs, 2014.
Anomaly detection is a challenging problem that has been researched within a variety of application domains. In network intrusion detection, anomaly-based techniques are particularly attractive because of their ability to identify previously unknown attacks without the need to be programmed with the specific signatures of every possible attack. There is a significant body of work in anomaly-based intrusion detection applying statistical analysis, data-mining, and machine learning disciplines. However, despite more than two decades of active research, there is a striking lack of anomaly-based systems in commercial use today. Many of the currently proposed anomaly-based systems do not adequately address a series of challenges, making them unsuitable for operational deployment. In existing approaches, every step of the anomaly detection process requires expert manual intervention. This dependence makes developing practical systems extremely challenging. In this thesis, we integrate the strengths of machine learning and quality-of-service mitigation techniques for network anomaly detection, and build an operationally practical framework for anomaly-based network intrusion detection. We propose methods for self-adaptive, self-tuning, self-optimizing, and automatically responsive network anomaly detection. Specifically, we propose and develop methods for adaptive input normalization adjusting scaling parameters online based on evolving values in observed traffic patterns, adaptive algorithms for flow-based network anomaly detection that respond to feedback to account for concept drift, and evolving methods for aggregated alert correlation that consolidate individual alarms into network events. We propose and design a model for dictating optimal performance in an anomaly detection system and reinforcement learning algorithms for automated tuning and optimization and a confidence forwarding model to support automated response.
Furthermore, we develop a fair bandwidth sharing and delay differentiation mechanism for scalable automated response that insulates network resources from malicious traffic while minimizing collateral damage. We develop a prototype network anomaly detection system that integrates the proposed and developed techniques. We evaluate developed approaches using the 1999 Knowledge Discovery and Data-mining Cup and MAWI Lab datasets, but we also create a new dataset based on a combination of live network traces and controlled simulated data injects. Results demonstrate the effectiveness and capability of automated means.
LDR :03473nmm a2200277 4500
001 2055299
005 20141203121512.5
008 170521s2014 ||||||||||||||||| ||eng d
020 $a 9781303651717
035 $a (MiAaPQ)AAI3607573
035 $a AAI3607573
040 $a MiAaPQ $c MiAaPQ
100 1 $a Ippoliti, Dennis. $3 3168943
245 1 0 $a Automated network anomaly detection with learning, control and mitigation.
300 $a 197 p.
500 $a Source: Dissertation Abstracts International, Volume: 75-04(E), Section: B.
500 $a Adviser: Xiaobo Zhou.
502 $a Thesis (Ph.D.)--University of Colorado at Colorado Springs, 2014.
590 $a School code: 0892.
650 4 $a Computer Science. $3 626642
650 4 $a Information Technology. $3 1030799
690 $a 0984
690 $a 0489
710 2 $a University of Colorado at Colorado Springs. $b College of Engineering and Applied Science -Computer Science. $3 2096475
773 0 $t Dissertation Abstracts International $g 75-04B(E).
790 $a 0892
791 $a Ph.D.
792 $a 2014
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3607573
Holdings (1 item)
Barcode: W9287778
Location: Electronic resource
Circulation category: 11. Online viewing_V
Material type: E-book
Call number: EB
Use type: Normal
Loan status: On shelf
Hold status: 0