
Sec2graph: Network Attack Detection Based on Novelty Detection on Graph Structured Data


Bibliographic Details
Main Authors: Leichtnam, Laetitia, Totel, Eric, Prigent, Nicolas, Mé, Ludovic
Format: Online Article Text
Language: English
Published: 2020
Subjects:
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7338149/
http://dx.doi.org/10.1007/978-3-030-52683-2_12
_version_ 1783554619106918400
author Leichtnam, Laetitia
Totel, Eric
Prigent, Nicolas
Mé, Ludovic
collection PubMed
description Being able to detect new kinds of attacks in a timely manner in highly distributed, heterogeneous and evolving networks without generating too many false alarms is especially challenging. Many researchers have proposed various anomaly detection techniques to identify events that are inconsistent with past observations. While supervised learning is often used to that end, security experts generally do not have labeled datasets, and labeling their data would be excessively expensive. Unsupervised learning, which does not require labeled data, should therefore be preferred, even though these approaches have so far led to less relevant results. In this paper we introduce a unified and unique graph representation called security objects’ graphs. This representation mixes and links events of different kinds and allows a rich description of the activities to be analyzed. To detect anomalies in these graphs, we propose an unsupervised learning approach based on an auto-encoder. Our hypothesis is that, since security objects’ graphs bring a rich vision of the normal situation, an auto-encoder is able to build a relevant model of this situation. To validate this hypothesis, we apply our approach to the CICIDS2017 dataset and show that although our approach is unsupervised, its detection results are as good as, and even better than, those obtained by many supervised approaches.
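The pipeline the description summarizes, heterogeneous events linked into one graph and scored by an auto-encoder that has only ever seen benign activity, as an added, runnable illustration. This is example code written for this record, not the Sec2graph implementation: the connection records are constructed, the graph (connection nodes linked to host and port nodes) and the per-connection features read off it are simplifications chosen for the demo, and the names `make_window`, `build_graph`, `connection_features`, `AutoEncoder` and `detect` are this example's own. It needs only numpy.

```python
"""Novelty detection on a graph of security objects with an auto-encoder.

Illustrative example written for this record, not the Sec2graph code: the
graph encoding and the features are simplifications chosen for the demo,
and the connection records are constructed rather than captured.
"""
from collections import defaultdict

import numpy as np

NORMAL_PORTS = (53, 80, 443)


def make_window(rng, n_clients=20, scan=False):
    """Constructed Zeek-style records (src, dst, dport, bytes) for one window.
    With scan=True one extra host probes 100 ports on a single server with
    empty payloads: the 'novel' activity the model never saw in training."""
    conns = []
    for i in range(n_clients):
        src = f"10.0.0.{i + 1}"
        for _ in range(rng.integers(5, 16)):
            conns.append((src, f"10.0.1.{rng.integers(1, 4)}",
                          int(rng.choice(NORMAL_PORTS)), int(rng.lognormal(7.0, 1.0))))
    if scan:
        conns += [("10.0.0.99", "10.0.1.1", port, 0) for port in range(1000, 1100)]
    return conns


def build_graph(conns):
    """Security objects' graph as adjacency sets: each connection node is linked
    to its source host, destination host and destination port node, so objects
    of different kinds live in one structure."""
    adj = defaultdict(set)
    for idx, (src, dst, dport, _) in enumerate(conns):
        for node in (("host", src), ("host", dst), ("port", dport)):
            adj[("conn", idx)].add(node)
            adj[node].add(("conn", idx))
    return adj


def connection_features(conns, adj):
    """One vector per connection node, read off its graph neighbourhood:
    log1p of [bytes, out-degree of src host, #distinct dst hosts of src host,
    #distinct dst ports of src host]. log1p keeps counts on a comparable scale."""
    rows = []
    for idx, (src, _, _, nbytes) in enumerate(conns):
        src_conns = adj[("host", src)]
        neighbours = [n for c in src_conns for n in adj[c] if n != ("host", src)]
        hosts = {n for n in neighbours if n[0] == "host"}
        ports = {n for n in neighbours if n[0] == "port"}
        rows.append([nbytes, len(src_conns), len(hosts), len(ports)])
    return np.log1p(np.array(rows, dtype=float))


class AutoEncoder:
    """Tiny one-hidden-layer auto-encoder (numpy only), trained with full-batch
    gradient descent on the mean squared reconstruction error."""

    def __init__(self, n_in, n_hidden, seed=0):
        rng = np.random.default_rng(seed)
        self.W1 = rng.normal(0.0, 0.5, (n_in, n_hidden))
        self.b1 = np.zeros(n_hidden)
        self.W2 = rng.normal(0.0, 0.5, (n_hidden, n_in))
        self.b2 = np.zeros(n_in)

    def forward(self, X):
        H = np.tanh(X @ self.W1 + self.b1)  # bottleneck: n_hidden < n_in
        return H, H @ self.W2 + self.b2

    def fit(self, X, epochs=3000, lr=0.05):
        for _ in range(epochs):
            H, Y = self.forward(X)
            dY = 2.0 * (Y - X) / len(X)             # d(loss)/dY
            dH = (dY @ self.W2.T) * (1.0 - H ** 2)  # back through tanh
            self.W2 -= lr * (H.T @ dY)
            self.b2 -= lr * dY.sum(axis=0)
            self.W1 -= lr * (X.T @ dH)
            self.b1 -= lr * dH.sum(axis=0)
        return self

    def error(self, X):
        """Per-sample reconstruction error; large values mean 'novel'."""
        return ((self.forward(X)[1] - X) ** 2).mean(axis=1)


def detect(seed=0):
    """Train on a benign window, then score a window that contains the scan."""
    rng = np.random.default_rng(seed)
    train = make_window(rng)
    Xtr = connection_features(train, build_graph(train))
    mean, std = Xtr.mean(axis=0), Xtr.std(axis=0)
    std[std < 1e-6] = 1.0                          # constant feature: no scaling
    ae = AutoEncoder(Xtr.shape[1], n_hidden=2, seed=seed).fit((Xtr - mean) / std)
    # Threshold comes from benign reconstruction errors only: no labels involved.
    threshold = np.quantile(ae.error((Xtr - mean) / std), 0.99)

    test = make_window(rng, scan=True)
    Xte = connection_features(test, build_graph(test))
    flagged = ae.error((Xte - mean) / std) > threshold
    is_scan = np.array([src == "10.0.0.99" for src, _, _, _ in test])
    return {"scan_recall": float(flagged[is_scan].mean()),
            "normal_fpr": float(flagged[~is_scan].mean()),
            "threshold": float(threshold)}


if __name__ == "__main__":
    print(detect())
```

Running the script prints the fraction of scan connections flagged, the false-positive rate on the benign connections of the same window, and the threshold. Nothing is labeled at any point: the threshold is the 99th percentile of reconstruction error on benign data, and the scan stands out because its connection nodes have a neighbourhood (one source fanning out to a hundred port nodes on a single host, with no payload) that lies far outside what the bottleneck learned to reconstruct. Replacing the constructed window with real Zeek conn.log rows only requires adapting `make_window`.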
format Online
Article
Text
id pubmed-7338149
institution National Center for Biotechnology Information
language English
publishDate 2020
record_format MEDLINE/PubMed
spelling pubmed-7338149 2020-07-07 Sec2graph: Network Attack Detection Based on Novelty Detection on Graph Structured Data. Leichtnam, Laetitia; Totel, Eric; Prigent, Nicolas; Mé, Ludovic. Detection of Intrusions and Malware, and Vulnerability Assessment. Article (abstract as given in the description field above). Published 2020-06-11. /pmc/articles/PMC7338149/ http://dx.doi.org/10.1007/978-3-030-52683-2_12 Text en © Springer Nature Switzerland AG 2020. This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic.
title Sec2graph: Network Attack Detection Based on Novelty Detection on Graph Structured Data
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7338149/
http://dx.doi.org/10.1007/978-3-030-52683-2_12