A framework of unsupervised techniques for anomaly-based intrusion detection

Bibliographic details
Year of defense: 2019
Main author: Silva, Anderson Santos da
Advisor: Not informed by the institution
Defense committee: Not informed by the institution
Document type: Dissertation
Access type: Open access
Language: eng
Defending institution: Universidade Federal de Alagoas
Brazil
Programa de Pós-Graduação em Informática
UFAL
Graduate program: Not informed by the institution
Department: Not informed by the institution
Country: Not informed by the institution
Keywords in Portuguese:
Access link: http://www.repositorio.ufal.br/handle/riufal/6488
Abstract: Dozens of algorithms have been proposed for anomaly detection, and, when applied to intrusion detection, they can detect suspected attacks whenever relevant deviations from the expected behavior are observed. The research community still lacks a universal comparative evaluation as well as standard publicly available datasets. It is in general challenging to provide a description that is sufficiently detailed and that is easy to understand and compare. It often appears that valuable solutions are presented and tested in such a way that re-implementation by a third party or comparison with other solutions is difficult and time-consuming, and the result might not even be the same. For example, a step in the algorithm might say: "We pick an element from the frontier set", but which element do you pick? Will the first one do? Why? Will any element suffice? As another example, the author may want to give more implementation details but is constrained by the paper's page limit. Additionally, the author's description sometimes in-lines other algorithms or data structures with which perhaps only that author is familiar. In general, it is a common struggle to research and present a quantitative comparison that gives evidence of the quality of a solution. While this is undoubtedly essential for further research and improvement on the topic, it is challenging to create a quantitative comparison that allows a fair comparison of different anomaly detection techniques. Thus, a public quantitative analysis for anomaly detection algorithms, which anyone can use and eventually contribute to, implying that the tests are in a standard format, is much needed.