Decentralized detection of network attacks through P2P data clustering of SNMP data.

Bibliographic details
Title: Decentralized detection of network attacks through P2P data clustering of SNMP data.
Authors: Cerroni, Walter (1) walter.cerroni@unibo.it; Moro, Gianluca (2) gianluca.moro@unibo.it; Pasolini, Roberto (2) roberto.pasolini@unibo.it; Ramilli, Marco (1) marco.ramilli@unibo.it
Source: Computers & Security. Jul 2015, Vol. 52, p1-16. 16p.
Subject terms: *SIMPLE Network Management Protocol (Computer network protocol), *PEER-to-peer architecture (Computer networks), *COMPUTER network security, *BIG data, COMPUTER network resources
Abstract: The goal of Network Intrusion Detection Systems (NIDSs) is to protect against attacks by inspecting network traffic packets, for instance, looking for anomalies and signatures of known attacks. This paper illustrates an approach to attack detection that analyzes just the standard statistics automatically generated by the Simple Network Management Protocol (SNMP) through unsupervised distributed data mining algorithms. We describe the design of a decentralized system composed of a peer-to-peer network of monitoring stations: each of them continuously gathers SNMP statistical observations about the network traffic and runs a distributed data clustering algorithm in cooperation with other stations. This progressively leads to the construction of a traffic model capable of detecting ongoing attacks on later observations, including potentially previously unknown attacks. To estimate the accuracy of the described system, we performed an extensive number of distributed data clustering processing runs on data sets of SNMP observations generated from real traffic. [ABSTRACT FROM AUTHOR]
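The architecture the abstract describes (monitoring stations that each gather SNMP counters, cooperate on a clustering model without centralizing the raw data, and then flag later observations that do not fit the model) can be illustrated with a small simulation. The following is an added example, not the paper's code: the cooperative clustering step is a plain synchronous distributed k-means in which peers exchange only per-cluster sums and counts, standing in for whichever distributed clustering algorithm the paper actually uses; the counter set (MIB-II/IF-MIB names), the feature mapping, the traffic generator and the three "later" observations are all constructed assumptions.

```python
"""Toy decentralized attack detection on SNMP counter deltas (illustration only).

Each station keeps its own per-interval counter deltas. Peers agree on a model
by exchanging only aggregates (sums, counts, maxima), never raw observations:
a shared feature scaling, then centroids via synchronous distributed k-means,
then a distance threshold. A later observation farther than that threshold
from every centroid is reported as an attack. Stand-in, not the paper's code.
"""
import math
import random

# Counters sampled per interval (MIB-II / IF-MIB names; the choice is an assumption).
FEATURES = ("ifInOctets", "ifInUcastPkts", "tcpInSegs", "udpInDatagrams", "icmpInMsgs")


def make_station_data(seed, n=200):
    """Constructed 'normal' traffic: per-interval deltas of the counters above."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        pkts = max(rng.gauss(5000, 800), 100.0)
        rows.append({"ifInOctets": pkts * rng.gauss(700, 120),  # ~700 bytes/packet
                     "ifInUcastPkts": pkts,
                     "tcpInSegs": pkts * rng.uniform(0.70, 0.85),  # mostly TCP
                     "udpInDatagrams": pkts * rng.uniform(0.10, 0.20),
                     "icmpInMsgs": pkts * rng.uniform(0.00, 0.02)})
    return rows


def featurize(obs):
    """Rate-independent features: log packet rate, bytes per packet, protocol mix."""
    pkts = max(obs["ifInUcastPkts"], 1.0)
    return (math.log10(pkts), obs["ifInOctets"] / pkts, obs["tcpInSegs"] / pkts,
            obs["udpInDatagrams"] / pkts, obs["icmpInMsgs"] / pkts)


def nearest(p, centroids):
    """(index, Euclidean distance) of the centroid closest to point p."""
    dists = [math.dist(p, c) for c in centroids]
    j = min(range(len(centroids)), key=dists.__getitem__)
    return j, dists[j]


class Station:
    """One P2P monitoring station; peers only ever see the aggregates it returns."""

    def __init__(self, name, observations):
        self.name, self.raw, self.points = name, [featurize(o) for o in observations], []

    def moment_sums(self):  # for the shared z-score scaling
        s, ss = [0.0] * len(FEATURES), [0.0] * len(FEATURES)
        for p in self.raw:
            for i, v in enumerate(p):
                s[i] += v
                ss[i] += v * v
        return s, ss, len(self.raw)

    def apply_scaling(self, mean, std):
        self.mean, self.std = mean, std
        self.points = [self.scale(p) for p in self.raw]

    def scale(self, p):
        return tuple((v - m) / s for v, m, s in zip(p, self.mean, self.std))

    def partial_sums(self, centroids):  # one k-means round, local part only
        sums = [[0.0] * len(FEATURES) for _ in centroids]
        counts = [0] * len(centroids)
        for p in self.points:
            j, _ = nearest(p, centroids)
            counts[j] += 1
            sums[j] = [a + b for a, b in zip(sums[j], p)]
        return sums, counts

    def max_distance(self, centroids):
        return max(nearest(p, centroids)[1] for p in self.points)

    def is_attack(self, obs, centroids, threshold):
        """Detection on a later observation with the cooperatively built model."""
        return nearest(self.scale(featurize(obs)), centroids)[1] > threshold


def train(stations, k=2, rounds=10):
    """Cooperative model building; any peer can aggregate, raw rows stay local."""
    d = len(FEATURES)
    tot, tot2, n = [0.0] * d, [0.0] * d, 0
    for st in stations:
        s, ss, m = st.moment_sums()
        n, tot, tot2 = n + m, [a + b for a, b in zip(tot, s)], [a + b for a, b in zip(tot2, ss)]
    mean = [t / n for t in tot]
    std = [max(math.sqrt(max(t2 / n - mu * mu, 0.0)), 1e-9) for t2, mu in zip(tot2, mean)]
    for st in stations:
        st.apply_scaling(mean, std)
    centroids = [stations[0].points[i] for i in range(k)]  # seeds broadcast by one peer
    for _ in range(rounds):
        agg, cnt = [[0.0] * d for _ in range(k)], [0] * k
        for st in stations:
            sums, counts = st.partial_sums(centroids)
            for j in range(k):
                cnt[j] += counts[j]
                agg[j] = [a + b for a, b in zip(agg[j], sums[j])]
        centroids = [tuple(v / cnt[j] for v in agg[j]) if cnt[j] else centroids[j] for j in range(k)]
    return centroids, max(st.max_distance(centroids) for st in stations)  # distributed max


# Constructed later observations: one normal interval, a SYN flood, an ICMP flood.
NORMAL_OBS = {"ifInOctets": 3.5e6, "ifInUcastPkts": 5000, "tcpInSegs": 3900,
              "udpInDatagrams": 750, "icmpInMsgs": 50}
SYN_FLOOD_OBS = {"ifInOctets": 2.4e7, "ifInUcastPkts": 400000, "tcpInSegs": 398000,
                 "udpInDatagrams": 1000, "icmpInMsgs": 0}
ICMP_FLOOD_OBS = {"ifInOctets": 1.68e7, "ifInUcastPkts": 200000, "tcpInSegs": 2000,
                  "udpInDatagrams": 1000, "icmpInMsgs": 197000}


def demo():
    stations = [Station(f"mon{i}", make_station_data(seed=i)) for i in range(3)]
    centroids, threshold = train(stations)
    later = (("normal", NORMAL_OBS), ("syn_flood", SYN_FLOOD_OBS), ("icmp_flood", ICMP_FLOOD_OBS))
    return centroids, threshold, {n: stations[1].is_attack(o, centroids, threshold) for n, o in later}


if __name__ == "__main__":
    _, thr, verdicts = demo()
    print(f"threshold={thr:.2f}", verdicts)
```

Two points the simulation makes visible: the only data that leaves a station are moment sums, per-cluster sums and counts, and a maximum, which is what lets the model be built without any peer seeing another's raw counters; and the detection is purely distance-based, so a flood that changes packet rate, packet size or protocol mix is caught without a signature, while an attack that leaves the SNMP aggregates inside the learned clusters would not be.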
Database: Business Source Index
ISSN: 0167-4048
DOI: 10.1016/j.cose.2015.03.006