Detecting Attacks in Network Traffic Using Normality Models: The Cellwise Estimator.

conference contribution
posted on 2024-10-09, 12:45 authored by Felix Heine, Carsten Kleiner, Philip Klostermeyer, Volker Ahlers, Tim Laue, Nils Wellermann
Although machine learning (ML) for intrusion detection is attracting research, its deployment in practice has proven difficult. Major hindrances are that training a classifier requires training data with attack samples, and that trained models are bound to a specific network. To overcome these problems, we propose two new methods for anomaly-based intrusion detection. Both are trained on normal-only data, making deployment much easier. The first approach is based on One-class SVMs, while the second leverages our novel Cellwise Estimator algorithm, which is based on multidimensional OLAP cubes. The latter has the additional benefit of explainable output, in contrast to many ML methods like neural networks. The created models capture the normal behavior of a network and are used to find anomalies that point to attacks. We present a thorough evaluation using benchmark data and a comparison to related approaches showing that our approach is competitive.

History

Editor

Aïmeur E ; Laurent M ; Yaich R ; Dupont B ; García-Alfaro J

Name of Conference

FPS

CISPA Affiliation

  • No

Journal

FPS

Volume

13291

Page Range

265-282

Publisher

Springer

BibTeX

@conference{Heine:Kleiner:Klostermeyer:Ahlers:Laue:Wellermann:2021,
  title     = {Detecting Attacks in Network Traffic Using Normality Models: The Cellwise Estimator},
  author    = {Heine, Felix and Kleiner, Carsten and Klostermeyer, Philip and Ahlers, Volker and Laue, Tim and Wellermann, Nils},
  editor    = {A{\"i}meur, Esma and Laurent, Maryline and Yaich, Reda and Dupont, Beno{\^i}t and Garc{\'i}a-Alfaro, Joaqu{\'i}n},
  year      = 2021,
  month     = 1,
  journal   = {FPS},
  pages     = {265--282},
  publisher = {Springer}
}
