東華大學圖書館 |

語系: 繁體中文

說明(常見問題)

回圖書館首頁

手機版館藏查詢

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

Data mining techniques for network s...

Simon, Gyorgy J.

FindBook

Google Book

Amazon

博客來

Data mining techniques for network scan detection.

紀錄類型:	書目-語言資料,印刷品 : Monograph/item
正題名/作者:	Data mining techniques for network scan detection./
作者:	Simon, Gyorgy J.
面頁冊數:	157 p.
附註:	Advisers: Vipin Kumar; Zhi-Li Zhang.
Contained By:	Dissertation Abstracts International69-02B.
標題:	Computer Science. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3302318
ISBN:	9780549477372

Data mining techniques for network scan detection.
Simon, Gyorgy J.

Data mining techniques for network scan detection. - 157 p.

Advisers: Vipin Kumar; Zhi-Li Zhang.

Thesis (Ph.D.)--University of Minnesota, 2008.

Thirdly and lastly, we also propose a method for estimating the performance of the classifier (scan detector) when labeled data is unavailable.

ISBN: 9780549477372Subjects--Topical Terms:

626642
Computer Science.

Data mining techniques for network scan detection.
LDR:02704nam 2200313 a 45 001 963667
005 20110831
008 110831s2008 ||||||||||||||||| ||eng d
020 $a 9780549477372
035 $a (UMI)AAI3302318
035 $a AAI3302318
040 $a UMI $c UMI
100 1 $a Simon, Gyorgy J. $3 1286730
245 1 0 $a Data mining techniques for network scan detection.
300 $a 157 p.
500 $a Advisers: Vipin Kumar; Zhi-Li Zhang.
500 $a Source: Dissertation Abstracts International, Volume: 69-02, Section: B, page: 1118.
502 $a Thesis (Ph.D.)--University of Minnesota, 2008.
520 $a Thirdly and lastly, we also propose a method for estimating the performance of the classifier (scan detector) when labeled data is unavailable.
520 $a A precursor to many attacks on networks is often a reconnaissance operation, more commonly referred to as a scan. Despite the vast amount of attention focused on methods for scan detection, the state-of-the-art methods suffer from high rate of false alarms and low rate of scan detection.
520 $a In this thesis, we formalize the problem of scan detection as a data mining problem. We show how a network traffic data set can be converted into a data set that is appropriate for off-the-shelf classifiers. Our method successfully demonstrates that data mining models can encapsulate expert knowledge to create an adaptable algorithm that can substantially outperform state-of-the-art methods for scan detection in both coverage and precision. Specifically, we show that our method is capable of very early detection (in many cases, as early as the first connection attempt on the specific port) without significantly compromising the precision of the detection and is capable of distinguishing P2P and backscatter traffic from scanners.
520 $a Using off-the-shelf classifiers as scan detectors is very effective but it requires a training data set whose instances are labeled to indicate the correct class assignment. In rapidly changing fields, like computer network traffic analysis, the availability of up-to-date labeled data sets is very limited. This is primarily a consequence of the excessively high cost of an expert manually labeling these large data sets. In this research, we also propose a method, where labeling the data set is carried out in a semi-supervised manner with user-specified guarantees about the quality of the labeling.
590 $a School code: 0130.
650 4 $a Computer Science. $3 626642
690 $a 0984
710 2 $a University of Minnesota. $3 676231
773 0 $t Dissertation Abstracts International $g 69-02B.
790 $a 0130
790 1 0 $a Kumar, Vipin, $e advisor
790 1 0 $a Zhang, Zhi-Li, $e advisor
791 $a Ph.D.
792 $a 2008
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3302318