Combining conjunctive rule extraction with diffusion maps for network intrusion detection
Juvonen, A., & Sipola, T. (2013). Combining conjunctive rule extraction with diffusion maps for network intrusion detection. In The Eighteenth IEEE Symposium on Computers and Communications (pp. 411-416). Piscataway: IEEE. doi:10.1109/ISCC.2013.6754981
© 2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses. This is the authors’ postprint version of the article. The original print version appeared as: A. Juvonen and T. Sipola, “Combining conjunctive rule extraction with diffusion maps for network intrusion detection,” in In The Eighteenth IEEE Symposium on Computers and Communications (ISCC 2013). IEEE 2013.
Network security and intrusion detection are important in the modern world where communication happens via information networks. Traditional signature-based intrusion detection methods cannot find previously unknown attacks. On the other hand, algorithms used for anomaly detection often have black box qualities that are difficult to understand for people who are not algorithm experts. Rule extraction methods create interpretable rule sets that act as classifiers. They have mostly been combined with already labeled data sets. This paper aims to combine unsupervised anomaly detection with rule extraction techniques to create an online anomaly detection framework. Unsupervised anomaly detection uses diffusion maps and clustering for labeling an unknown data set. Rule sets are created using conjunctive rule extraction algorithm. This research suggests that the combination of machine learning methods and rule extraction is a feasible way to implement network intrusion detection that is meaningful to network administrators. ...
Is part of publicationThe Eighteenth IEEE Symposium on Computers and Communications
MetadataShow full item record
Showing items with similar title or keywords.
Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (Springer, 2011)The goal of this study is to detect anomalous queries from network logs using a dimensionality reduction framework. The fequencies of 2-grams in queries are extracted to a feature matrix. Dimensionality reduction is done ...
Sipola, Tuomo; Juvonen, Antti; Lehtonen, Joel (CRL Publishing, 2012)Dynamic web services are vulnerable to multitude of intrusions that could be previously unknown. Server logs contain vast amounts of information about network traffic, and finding attacks from these logs improves the ...
Unsupervised network intrusion detection systems for zero-day fast-spreading network attacks and botnets Vahdani Amoli, Payam (University of Jyväskylä, 2015)Today, the occurrence of zero-day and complex attacks in high-speed networks is increasingly common due to the high number vulnerabilities in the cyber world. As a result, intrusions become more sophisticated and fast ...
Kumar, Sanjay; Viinikainen, Ari; Hämäläinen, Timo (Infonomics Society, 2017)The rapid growing trend of mobile devices continues to soar causing massive increase in cyber security threats. Most pervasive threats include ransom-ware, banking malware, premium SMS fraud. The solitary hackers use ...
Adaptive framework for network traffic classification using dimensionality reduction and clustering Juvonen, Antti; Sipola, Tuomo (IEEE, 2012)Information security has become a very important topic especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting ...