Combining conjunctive rule extraction with diffusion maps for network intrusion detection

Juvonen, Antti; Sipola, Tuomo

doi:10.1109/ISCC.2013.6754981

dc.contributor.author	Juvonen, Antti
dc.contributor.author	Sipola, Tuomo
dc.date.accessioned	2014-04-04T07:40:21Z
dc.date.available	2014-04-04T07:40:21Z
dc.date.issued	2013
dc.identifier.citation	Juvonen, A., & Sipola, T. (2013). Combining conjunctive rule extraction with diffusion maps for network intrusion detection. In <i>The Eighteenth IEEE Symposium on Computers and Communications</i> (pp. 411-416). IEEE. International Symposium on Computers and Communications. <a href="https://doi.org/10.1109/ISCC.2013.6754981" target="_blank">https://doi.org/10.1109/ISCC.2013.6754981</a>
dc.identifier.other	CONVID_22502302
dc.identifier.other	TUTKAID_57191
dc.identifier.uri	https://jyx.jyu.fi/handle/123456789/43173
dc.description.abstract	Network security and intrusion detection are important in the modern world where communication happens via information networks. Traditional signature-based intrusion detection methods cannot find previously unknown attacks. On the other hand, algorithms used for anomaly detection often have black box qualities that are difficult to understand for people who are not algorithm experts. Rule extraction methods create interpretable rule sets that act as classifiers. They have mostly been combined with already labeled data sets. This paper aims to combine unsupervised anomaly detection with rule extraction techniques to create an online anomaly detection framework. Unsupervised anomaly detection uses diffusion maps and clustering for labeling an unknown data set. Rule sets are created using conjunctive rule extraction algorithm. This research suggests that the combination of machine learning methods and rule extraction is a feasible way to implement network intrusion detection that is meaningful to network administrators.
dc.language.iso	eng
dc.publisher	IEEE
dc.relation.ispartof	The Eighteenth IEEE Symposium on Computers and Communications
dc.relation.ispartofseries	International Symposium on Computers and Communications
dc.subject.other	tunkeutumisen havaitseminen
dc.subject.other	poikkeavuuden havaitseminen
dc.subject.other	n-grammi
dc.subject.other	sääntöjen erottaminen
dc.subject.other	diffuusiokartta
dc.subject.other	tiedon louhinta
dc.subject.other	intrusion detection
dc.subject.other	anomaly detection
dc.subject.other	n-gram
dc.subject.other	rule extraction
dc.subject.other	diffusion map
dc.title	Combining conjunctive rule extraction with diffusion maps for network intrusion detection
dc.type	conferenceObject
dc.identifier.urn	URN:NBN:fi:jyu-201404031456
dc.contributor.laitos	Tietotekniikan laitos	fi
dc.contributor.laitos	Department of Mathematical Information Technology	en
dc.contributor.oppiaine	Tietotekniikka	fi
dc.contributor.oppiaine	Mathematical Information Technology	en
dc.type.uri	http://purl.org/eprint/type/ConferencePaper
dc.date.updated	2014-04-03T03:30:07Z
dc.relation.isbn	978-1-4799-3755-4
dc.type.coar	http://purl.org/coar/resource_type/c_5794
dc.description.reviewstatus	peerReviewed
dc.format.pagerange	411-416
dc.relation.issn	1530-1346
dc.type.version	acceptedVersion
dc.rights.copyright	© 2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses. This is the authors’ postprint version of the article. The original print version appeared as: A. Juvonen and T. Sipola, “Combining conjunctive rule extraction with diffusion maps for network intrusion detection,” in In The Eighteenth IEEE Symposium on Computers and Communications (ISCC 2013). IEEE 2013.
dc.rights.accesslevel	openAccess	fi
dc.relation.conference	International Symposium on Computers and Communications
dc.subject.yso	koneoppiminen
dc.subject.yso	tiedonlouhinta
jyx.subject.uri	http://www.yso.fi/onto/yso/p21846
jyx.subject.uri	http://www.yso.fi/onto/yso/p5520
dc.relation.doi	10.1109/ISCC.2013.6754981
dc.type.okm	A4

Aineistoon kuuluvat tiedostot

Nimi:: ruleextraction.pdf
Koko:: 431.2Kb
Tiedostomuoto:: PDF
Kuvaus:: Accepted version

Katso/Avaa

Aineisto kuuluu seuraaviin kokoelmiin

Informaatioteknologian tiedekunta [2295]

Näytä suppeat kuvailutiedot

Combining conjunctive rule extraction with diffusion maps for network intrusion detection

Aineistoon kuuluvat tiedostot

Aineisto kuuluu seuraaviin kokoelmiin

Samankaltainen aineisto

Dimensionality reduction framework for detecting anomalies from network logs ﻿

Anomaly detection from network logs using diffusion maps ﻿

Adaptive framework for network traffic classification using dimensionality reduction and clustering ﻿

Using affinity perturbations to detect web traffic anomalies ﻿

Unsupervised network intrusion detection systems for zero-day fast-spreading network attacks and botnets ﻿

Dimensionality reduction framework for detecting anomalies from network logs

Anomaly detection from network logs using diffusion maps

Adaptive framework for network traffic classification using dimensionality reduction and clustering

Using affinity perturbations to detect web traffic anomalies

Unsupervised network intrusion detection systems for zero-day fast-spreading network attacks and botnets