Unsupervised Detection of Network Attacks in the dark - HAL open archive
Conference paper, Year: 2014

Abstract

The unsupervised detection of network attacks represents an extremely challenging goal. Current methods rely either on very specialized signatures of previously seen attacks, or on expensive and difficult-to-produce labeled traffic datasets for profiling and training. In this paper we present a completely unsupervised approach to detecting attacks, without relying on signatures, labeled traffic, or training. The method uses robust clustering techniques to detect anomalous traffic flows. The structure of the anomaly identified by the clustering algorithms is used to automatically construct specific filtering rules that characterize its nature, providing easy-to-interpret information to the network operator. In addition, these rules are combined to create an anomaly signature, which can be directly exported to standard security devices such as IDSs, IPSs, and/or firewalls. The clustering algorithms are well suited to parallel computation, which makes it possible to perform the unsupervised detection and the construction of signatures online. We evaluate the performance of this new approach in discovering and building signatures for different network attacks without any prior knowledge, using real traffic traces.
Main file: owe_bigdap14.pdf (373.25 KB)
Origin: Publisher files allowed on an open archive

Dates and versions

hal-01025223 , version 1 (17-07-2014)

Identifiers

  • HAL Id: hal-01025223, version 1

Cite

Philippe Owezarski, Pedro Casas, Johan Mazel. Unsupervised Detection of Network Attacks in the dark. International Workshop on Big Data Applications and Principles (BIGDAP), Sep 2014, Madrid, Spain. 10p. ⟨hal-01025223⟩
172 views
130 downloads
