Digital Library
 
 
  Network anomaly detection by continuous hidden markov models: An evolutionary programming approach
 
 
Title: Network anomaly detection by continuous hidden markov models: An evolutionary programming approach
Author: Flores, Juan J.
Calderon, Felix
Antolino, Anastacio
Garcia, Juan M.
Published in: Intelligent data analysis
Pagination: Volume 19 (2015), no. 2, pages 391-412
Year: 2015-04-16
Abstract: Information security is an important and growing need. The most common schemes used for detection systems include pattern- or signature-based and anomaly-based. Anomaly-based schemes use a set of metrics, which outline the normal system behavior and any significant deviation from the established profile will be treated as an anomaly. This paper contributes with an anomaly-based scheme that monitors the bandwidth consumption of a subnetwork, at the Universidad Michoacana, in Mexico. A normal behavior model is based on bandwidth consumption of the subnetwork. The presence of an anomaly indicates that something is misusing the network (viruses, worms, denial of service, or any other kind of attack). This work also presents a scheme for an automatic architecture design and parameters optimization of Hidden Markov Models (HMMs), based on Evolutionary Programming (EP). The variables to be used by the HMMs are: the bandwidth consumption of network (IN and OUT), and the associated time where the network activity occurs. The system was tested with univariate and bivariate observation sequences to analyze and detect anomaly behavior. The HMMs, designed and trained by EP, were compared against semi-random HMMs trained by the Baum-Welch algorithm. On a second experiment, the HMMs, designed and trained by EP, were compared against HMMs created by an expert user. The HMMs outperformed the other methods in all cases. Finally, we made the HMMs time-aware, by including time as another variable. This inclusion made the HMMs capable of detecting activity patterns that are normal during a period of time but anomalous at other times. For instance, a heavy load on the network may be completely normal during working times, but anomalous at nights or weekends.
Publisher: IOS Press
Source file: Electronic Scientific Journals
 
 

 
 Koninklijke Bibliotheek - National Library of the Netherlands