Show simple item record

dc.contributor.authorVahdani Amoli, Payam
dc.date.accessioned2015-12-08T10:54:33Z
dc.date.available2015-12-08T10:54:33Z
dc.date.issued2015
dc.identifier.isbn978-951-39-6452-8
dc.identifier.otheroai:jykdok.linneanet.fi:1505387
dc.identifier.urihttps://jyx.jyu.fi/handle/123456789/48018
dc.description.abstractToday, the occurrence of zero-day and complex attacks in high-speed networks is increasingly common due to the high number vulnerabilities in the cyber world. As a result, intrusions become more sophisticated and fast to detrimental the networks and hosts. Due to these reasons real-time monitoring, processing and intrusion detection are now among the key features of NIDS. Traditional types of intrusion detection systems such as signature base IDS are not able detect intrusions with new and complex strategies. Now days, automatic traffic analysis and anomaly intrusion detection became more efficient in field of network security however they suffer from high number of false alarms. Among all type of anomaly detection methods unsupervised machine-learning techniques are commonly applied in NIDS to detect unknown and complex attacks in the network without any prior knowledge. This dissertation manly focuses on analyzing network traffic to find abnormal behavior in real time. The proposed framework consists of network traffic preprocessing, anomaly detection and clustering methods. The proposed framework is capable of generating meaningful reports related to the detection of real intrusions in well-known datasets. Unsupervised learning methods are capable of adapting their required features to the dynamically behavior of the network. Due to unfeasibility of payloads checking in high-speed network the proposed framework monitors network flows instead. Network flow contains the behavior of the network in higher extensive vision and shows the explicitness of the network data, which results in faster and higher detection rate of network attacks. This research shows that by using proper data preprocessing and unsupervised data analyzing methods it is possible to detect fast and complex zero days (new) attack in real time. The practical experiments are presented in the included articles.
dc.format.extent1 verkkoaineisto (54, [15] sivua)
dc.language.isoeng
dc.publisherUniversity of Jyväskylä
dc.relation.ispartofseriesJyväskylä studies in computing
dc.relation.haspart<b>Article I:</b> Etemad, F. F. & Amoli, P. V. 2012. Real-time Botnet command and control characterization at the host level. <i>Telecommunications (IST), 2012 Sixth International Symposium on. Tehran, Iran: IEEE, 1005-1009.</i><a href="http://dx.doi.org/10.1109/ISTEL.2012.6483133" target="_blank">>DOI: 10.1109/ISTEL.2012.6483133</a>
dc.relation.haspart<b>Article II:</b> Amoli, P. V. & Hämäläinen, T. 2013. A real time unsupervised NIDS for detecting unknown and encrypted network attacks in high speed network. <i>Measurements and Networking Proceedings (M&N), 2013 IEEE International Workshop on. Naples, Italy: IEEE, 149-154. </i><a href="http://dx.doi.org/10.1109/IWMN.2013.6663794" target="_blank">DOI: 10.1109/IWMN.2013.6663794</a>
dc.relation.haspart<b>Article III:</b> Hosseinpour, F., Ramadass, S., Meulenberg, A., Amoli, P. V. & Moghaddasi, Z. 2013. Distributed Agent Based Model for Intrusion Detection System Based on Artificial Immune System. <i>International Journal of Digital Content Technology and its Applications (JDCTA) 7(9), 206-214. 10.4156/jdcta.vol7.issue9.26</i>
dc.relation.haspart<b>Article IV:</b> Hosseinpour, F., Amoli, P. V., Farahnakian, F., Plosila, J. & Hämäläinen, T. 2014. Artificial Immune System Based Intrusion Detection: Innate Immunity using an Unsupervised Learning Approach.<i> International Journal of Digital Content Technology and its Applications (JDCTA) 8(5), 1-12. </i>
dc.relation.haspart<b>Article V:</b>. Amoli, P. V., Hämäläinen, T., David, G., Zolotukhin, M. & Mirzamohammad, M. (Accepted Nov/2015). Unsupervised Network Intrusion Detection Systems for Zero-Day Fast-Spreading Attacks and Botnets. <i>International Journal of Digital Content Technology and its Applications (JDCTA)</i>
dc.rightsIn Copyright
dc.subject.othertunkeilijan havaitsemisjärjestelmät
dc.subject.othermachine learning
dc.subject.otherclustering (unsupervised)
dc.subject.othernetwork security
dc.subject.otheranomaly detection
dc.subject.otherintrusion detection
dc.titleUnsupervised network intrusion detection systems for zero-day fast-spreading network attacks and botnets
dc.typeDiss.
dc.identifier.urnURN:ISBN:978-951-39-6452-8
dc.type.dcmitypeTexten
dc.type.ontasotVäitöskirjafi
dc.type.ontasotDoctoral dissertationen
dc.contributor.tiedekuntaInformaatioteknologian tiedekuntafi
dc.contributor.yliopistoUniversity of Jyväskyläen
dc.contributor.yliopistoJyväskylän yliopistofi
dc.contributor.oppiaineTietotekniikkafi
dc.relation.issn1456-5390
dc.relation.numberinseries231
dc.rights.accesslevelopenAccess
dc.subject.ysotietoturva
dc.subject.ysoverkkohyökkäykset
dc.subject.ysotietoliikenneverkot
dc.subject.ysotiedonsiirto
dc.subject.ysomonitorointi
dc.subject.ysoreaaliaikaisuus
dc.subject.ysokoneoppiminen
dc.subject.ysoalgoritmit
dc.subject.ysoklusterianalyysi
dc.rights.urlhttps://rightsstatements.org/page/InC/1.0/


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

In Copyright
Except where otherwise noted, this item's license is described as In Copyright