Unsupervised Network Anomaly Detection

In this paper, the authors present a completely unsupervised approach to detecting attacks that does not rely on signatures, labeled traffic, or training. Unsupervised detection of network attacks is an extremely challenging goal. The structure of the anomaly identified by the clustering algorithms is used to automatically construct specific filtering rules that characterize its nature, giving the network operator easy-to-interpret information. In addition, these rules are combined into an anomaly signature that can be exported directly to standard security devices such as IDSs, IPSs, and/or firewalls.

Provided by: International Journal of Engineering Trends and Technology
Topic: Security
Date Added: Apr 2013
Format: PDF
