Article

Abstracting massive data for lightweight intrusion detection in computer networks

Journal

INFORMATION SCIENCES
Volume 433, Issue -, Pages 417-430

Publisher

ELSEVIER SCIENCE INC
DOI: 10.1016/j.ins.2016.10.023

Keywords

Data reduction; Intrusion detection; Anomaly detection; Computer security

Funding

  1. European Research Consortium for Informatics and Mathematics (ERCIM) fellowship program
  2. Scientific Research Foundation through the Returned Overseas Chinese Scholars, Ministry of Education of China [K14C300020]
  3. Shanghai Key Laboratory of Integrated Administration Technologies for Information Security [AGK2015002]
  4. 111 Project [B14005]


Anomaly intrusion detection in big data environments calls for lightweight models that are able to achieve real-time performance during detection. Abstracting audit data provides a solution to improve the efficiency of data processing in intrusion detection. Data abstraction refers to abstracting or extracting the most relevant information from the massive dataset. In this work, we propose three strategies of data abstraction, namely exemplar extraction, attribute selection and attribute abstraction. We first propose an effective method called exemplar extraction to extract representative subsets from the original massive data prior to building the detection models. Two clustering algorithms, Affinity Propagation (AP) and traditional k-means, are employed to find the exemplars from the audit data. k-Nearest Neighbor (k-NN), Principal Component Analysis (PCA) and one-class Support Vector Machine (SVM) are used for the detection. We then employ another two strategies, attribute selection and attribute extraction, to abstract audit data for anomaly intrusion detection. Two HTTP streams collected from a real computing environment as well as the KDD'99 benchmark data set are used to validate these three strategies of data abstraction. The comprehensive experimental results show that while all three strategies improve the detection efficiency, the AP-based exemplar extraction achieves the best performance of data abstraction. (C) 2016 Elsevier Inc. All rights reserved.
