Upload File

traffic anomaly detection using 2-means clustering (2007)

  • Home
  • Documents
  • Traffic Anomaly Detection Using 2-Means Clustering (2007)

Click here to load reader

prev
next
out of 15
Download Traffic Anomaly Detection Using 2-Means Clustering (2007)

Upload: amandla

Post on 08-Feb-2016

38 views

Category:

Documents


0 download

Report

DESCRIPTION

Traffic Anomaly Detection Using 2-Means Clustering (2007). Gerhard M¨unz, Sa Li, Georg Carle Computer Networks and Internet Wilhelm Schickard Institute for Computer Science University of Tuebingen , Germany. Proceedings of Leistungs – 35 citations. Apresentação. - PowerPoint PPT Presentation

TRANSCRIPT

Incremental Unsupervised Name Disambiguation in Cleaned Digital Libraries

Gerhard Munz, Sa Li, Georg CarleComputer Networks and Internet

Wilhelm Schickard Institute for Computer ScienceUniversity of Tuebingen, GermanyTraffic Anomaly Detection Using 2-Means Clustering (2007).Proceedings of Leistungs 35 citationsApresentaoAplicao de mtodos de minerao de dados para analise de pacotes e fluxo de dados capturados em uma rede.

Deteco de anomalias no trfico de dados em redes combinando o algoritmo de agrupamentos k-means e tcnicas deteco de outliers.DefiniesNETWORK DATA MINING (NDM)Servem a 2 propsitosGerao do conhecimento sobre os dados de monitoramento analisadosdefinio de regras ou padres que so tpicas para tipos especficos de trfego

Knowledge Discovery in Databases (KDD) . Descoberta de Conhecimento de Banco de DadosO Modelo KDD1) Seleo dos dados brutos. extrao de dados de controle gravados em um perodo de tempo especfico ou observados no monitor.2) o pr-processamento de dados. benfico para efetuar a limpeza e filtragem dos dados a fim de evitar a gerao de regras ou enganosas ou padres inadequados.3) Transformao de dados. Converso dos dados brutos em conjuntos com um pequeno nmero de caractersticas relevantes. Alm disso, pode ser necessrio agregar os dados, a fim de diminuir o nmero de conjuntos de dados.4) Minerao de dados. Neste passo, um algoritmo de minerao de dados aplicado, a fim de encontrar as regras ou padres.5) Interpretao e Avaliao. Avaliado se a etapa de minerao de dados gerado resultados teis e que subconjunto de regras e padres contm a informao mais valiosa. A fim de validar as regras e padres.O Modelo KDD

NDM Approaches

K-Means Clustering of Monitoring DataUtiliza um conjunto de dados de treinamento para separar conjuntos de dados normais de um conjunto anmaloDados brutos e extrao de caractersticas (features)K-meansDeteco de outlies (funo de Distncia)Classificao e deteco de Outlier

EXPERIMENTAL RESULTS

EXPERIMENTAL RESULTSExperimentos com dados sintticosAmbientes de testes Gerao de vrios fluxos TCP, UDP e ICMP de taxa de bits varivel usando o gerador de trfego NPAGExperimentos com dados reaisUso de pacotes gravados em um roteador gateway que liga rede residencial de um estudante com a Internet (tcpdump)ConclusesPermite a implantao do mtodo para a deteco em tempo real, expansvel.

melhora a qualidade de deteco.

Em trabalhos futuros tratar para valores k maiores que 2.

QUESTIONS???

CreditosApresentao realizada na disciplina: Reconhecimento de Padres em 11/10/2012

Professor: David Menotti

Estudante: Luciano Vilas Boas EspiridioMestrando em Cincia da ComputaoDepartamento de Computao DECOMInstituto de Cincias Exatas e Biolgicas ICEBUniversidade Federal de Ouro Preto UFOP


Enhance density peak clustering algorithm for anomaly

Abnormal Network Traffic Detection based on Clustering and ...library.iugaza.edu.ps/thesis/110094.pdf · Abnormal Network Traffic Detection based on Clustering and Classification

Nearest-Neighbor and Clustering based Anomaly Detection … · Nearest-Neighbor and Clustering based Anomaly Detection Algorithms for RapidMiner Mennatallah Amer1 and Markus Goldstein2

Traffic Clustering and Online Traffic Prediction in Vehicle

Anomaly Detection in sea traffic - a comparison of the ...isif.org/fusion/proceedings/fusion09CD/data/papers/0327.pdf · Anomaly detection in sea traffic - a comparison of the Gaussian

BotMiner : Clustering Analysis of Network Traffic for ...faculty.cse.tamu.edu/guofei/paper/botMiner-Security08-slides.pdf · BotMiner : Clustering Analysis of Network Traffic for

Anomaly-based Intrusion Detection from Traffic Datamining on

Network Traffic Anomaly Detection and Characterizationcs.northwestern.edu/~ajb200/anomaly detection paper 1.0.pdf · Network Traffic Anomaly Detection and Characterization Aaron Beach

CISCO TRAFFIC ANOMALY DETECTOR MODULE …protected destination (referred to as a “zone”), such as a server, firewall interface, or router interface. The Traffic Anomaly Detector

A hybrid unsupervised clustering-based anomaly detection

ANOMALY DETECTION USING NETWORK TRAFFIC CHARACTERIZATIONlibrary.iyte.edu.tr/tezler/master/bilgisayaryazilimi/T000819.pdf · ANOMALY DETECTION USING NETWORK TRAFFIC CHARACTERIZATION

Seurat: A Pointillist Approach to Anomaly Detectiondroh/papers/raid04.pdf · 2004. 10. 5. · Keywords: Anomaly detection, Pointillism, Correlation, File updates, Clustering 1 Introduction

Big Trajectory Data Analysis for Clustering and Anomaly ... · Big Trajectory Data Analysis for Clustering and Anomaly Detection Hirokatsu Kataoka, Yoshimitsu Aoki Keio University

An Efficient Approach for Anomaly Detection in Traffic Videos

Clustering on Highways: Study “ Clustering ” of Traffic on Highways

Hybrid Anomaly Detection Using K-means Clustering in WSN

Anomaly Detection in Traffic Scenes via Spatial … Anomaly Detection in...YUAN et al.: ANOMALY DETECTIONIN TRAFFIC SCENES VIA SPATIAL-AWARE MOTION RECONSTRUCTION 1199 in reference

Anomaly Detection in sea traffic - a comparison of the - ISIF

A SEMI-SUPERVISED MODEL FOR NETWORK TRAFFIC ANOMALY DETECTIONicact.org/upload/2015/0556/20150556_finalpaper.pdf · 2015. 6. 24. · Keywords— Network traffic anomaly, anomaly detection,

Network Traffic Anomaly Detection and Characterization

Data mining for anomaly detection in maritime traffic data

Graph Based Clustering for Anomaly Detection in IP Networks

Nearest-Neighbor and Clustering based Anomaly Detection ... · Markus Goldstein: Anomaly Detection Algorithms for RapidMiner 3 Introduction An outlying observation, or outlier, is

A Trajectory Clustering Framework to Analyse Air Traffic Flows

Applying PCA for Traffic Anomaly Detection: Problems and Solutions

Sensitivity of PCA for Traffic Anomaly Detection

Traffic Accident Segmentation by Means of Latent Class ... · examine the effectiveness of a clustering technique, i.e. latent class clustering, for identifying homogenous traffic

Anomaly Detection Systems. 2/87 Contents Statistical methods Systems with learning Clustering in anomaly detection systems

Context-aware Clustering of DNS Query Traffic

Anomaly Detection Algorithms for Malware Traffic Analysis ...pdm12/cse597g-f15/slides/cse597g-traffic-analysis.pdfnetwork traffic for protocol-and structure-independent botnet detection

Hybrid Anomaly Detection using K-Means Clustering in ... Anomaly Detection using K-Means Clustering in Wireless Sensor Networks ... blackhole attack is proposed ... by the proposed

Internet Traffic Clustering Using Packet Header Information

TRAFFIC SCENE ANOMALY DETECTION

Probabilistic models for anomaly detection based on usage of network traffic

Network Traffic Monitoring, Analysis and Anomaly Detection