Full text
|
PDF
- Requires a PDF viewer, such as GSview, Xpdf or Adobe Acrobat Reader
Download (341kB) | Preview |
Blanco Andrés, Roberto and Malagón Marzo, Pedro José and Briongos Herrerjo, Samira and Moya Fernández, José Manuel (2019). Anomaly detection using gaussian mixture probability model to implement intrusion detection system. In: "XIV International Conference on Hybrid Artificial Intelligent Systems (HAIS 2019)", 04/09/2019 - 06/09/2019, León, Spain. ISBN 978-3-030-29859-3. pp. 648-659. https://doi.org/10.1007/978-3-030-29859-3_55.
Title: | Anomaly detection using gaussian mixture probability model to implement intrusion detection system |
---|---|
Author/s: |
|
Item Type: | Presentation at Congress or Conference (Article) |
Event Title: | XIV International Conference on Hybrid Artificial Intelligent Systems (HAIS 2019) |
Event Dates: | 04/09/2019 - 06/09/2019 |
Event Location: | León, Spain |
Title of Book: | Hybrid Artificial Intelligent Systems. HAIS 2019. Lecture Notes in Computer Science |
Date: | 26 August 2019 |
ISBN: | 978-3-030-29859-3 |
Volume: | 11734 |
Subjects: | |
Freetext Keywords: | Intrusion Detection; Gaussian Mixture Model; Voting |
Faculty: | E.T.S.I. Telecomunicación (UPM) |
Department: | Otro |
Creative Commons Licenses: | Recognition - No derivative works - Non commercial |
|
PDF
- Requires a PDF viewer, such as GSview, Xpdf or Adobe Acrobat Reader
Download (341kB) | Preview |
Network intrusion detection systems (NIDS) detect attacks or anomalous network traffic patterns in order to avoid cybersecurity issues. Anomaly detection algorithms are used to identify unusual behavior or outliers in the network traffic in order to generate alarms. Traditionally, Gaussian Mixture Models (GMMs) have been used for probabilistic-based anomaly detection NIDS. We propose to use multiple simple GMMs to model each individual feature, and an asymmetric voting scheme that aggregates the individual anomaly detectors to provide. We test our approach using the NSL dataset. We construct the normal behavior models using only the samples labelled as normal in this dataset and evaluate our proposal using the official NSL testing set. As a result, we obtain a F1-score over 0.9, outperforming other supervised and unsupervised proposals.
Type | Code | Acronym | Leader | Title |
---|---|---|---|---|
Government of Spain | AYA2015-65973-C3-3-R | AMIGA6 | Unspecified | Gas en el interior y en el entorno de las galaxias, Preparación científica para SKA y contribución al diseño del flujo de datos - Procesado de datos en hardware |
Government of Spain | TIN-2015-65277-R | COPHERNICO | Manuel Prieto Matías | Efficient heterogeneous computing: from the processor to the datacenter |
Government of Spain | RTC-2016-5434-8 | Unspecified | Unspecified | Holistic Intrusion Detection and Response Agent - HIDRA |
Item ID: | 56501 |
---|---|
DC Identifier: | https://oa.upm.es/56501/ |
OAI Identifier: | oai:oa.upm.es:56501 |
DOI: | 10.1007/978-3-030-29859-3_55 |
Official URL: | https://link.springer.com/chapter/10.1007%2F978-3-030-29859-3_55 |
Deposited by: | Memoria Investigacion |
Deposited on: | 28 Mar 2020 11:26 |
Last Modified: | 24 May 2021 07:35 |