Knowledge discovery in computer network data: A security perspective


Detailed description

Main author: Giles, Kendall E.
Format: Thesis
Language: en_US
Publication information: The Johns Hopkins University, 2008
Online access: http://ir.vnulib.edu.vn/handle/123456789/1682
Degree: Doctor of Philosophy
Date issued: 2006
Date accessioned: 2008-01-09
File format: application/pdf
Institution: Đại học Quốc Gia Hồ Chí Minh (Vietnam National University, Ho Chi Minh City)
Collection: DSpace
Subjects: Computer networks -- Security; Computer networks -- Structure
Abstract

From a security perspective, computer network data is analyzed largely for two purposes: to detect known structures, and to identify previously unknown structures. As an example of the former, it is considered standard procedure to filter network traffic for previously identified viruses in order to prevent infection and to reduce virus spread. As an example of the latter, security researchers may want to search datasets in order to identify and discover previously unknown relationships or structures in the data, such as intrusions into a network by an external hacker. However, among other limitations, traditional methods of network data analysis are insufficient when processing large volumes of network traffic, do not allow for the discovery of local structures, do not visualize high-dimensional data in meaningful ways, and do not allow user input during search iterations.

We present the development, analysis, and testing of a new framework for the analysis of network traffic data. In particular, and among others, the framework addresses the following questions: How is network traffic represented in high-dimensional space? (normalized graph Laplacians); How can we extract features from the data? (flow-based feature extraction); How to embed high-dimensional representations in low dimensions? (Laplacian Eigenmaps); How to intuitively visualize low-dimensional structures? (Fiedler Space projections); How to address scalability concerns? (proximity computation, partitioning, and eigenpair computation approximations); How can the user be involved in the search? (iterative denoising applied to network data); How might this framework be used on empirical network data? (application to computer network intrusion data, backscatter data, and computer network application data).

As such, this work presents theoretical as well as practical contributions, and these results are discussed within the context of traditional methods and techniques. Thus, due to its theoretical and applied benefits of visualizing and classifying a variety of unsupervised, heterogeneous, high-dimensional computer network traffic datasets, we feel that Iterative Denoising can be a unifying technology for protection, detection, and response groups coordinating around a network security monitoring system.