TY - CPAPER
U1 - Konferenzveröffentlichung
A1 - Heine, Felix
A1 - Kleiner, Carsten
A1 - Klostermeyer, Philip
A1 - Ahlers, Volker
A1 - Laue, Tim
A1 - Wellermann, Nils
ED - Aïmeur, Esma
ED - Laurent, Maryline
ED - Yaich, Reda
ED - Dupont, Benoît
ED - Garcia-Alfaro, Joaquin
T1 - Detecting Attacks in Network Traffic Using Normality Models: The Cellwise Estimator
T2 - Foundations and Practice of Security : 14th International Symposium, FPS 2021, Paris, France, December 7–10, 2021, Revised Selected Papers
N2 - Although machine learning (ML) for intrusion detection is attracting research, its deployment in practice has proven difficult. Major hindrances are that training a classifier requires training data with attack samples, and that trained models are bound to a specific network. To overcome these problems, we propose two new methods for anomaly-based intrusion detection. Both are trained on normal-only data, making deployment much easier. The first approach is based on One-class SVMs, while the second leverages our novel Cellwise Estimator algorithm, which is based on multidimensional OLAP cubes. The latter has the additional benefit of explainable output, in contrast to many ML methods like neural networks. The created models capture the normal behavior of a network and are used to find anomalies that point to attacks. We present a thorough evaluation using benchmark data and a comparison to related approaches showing that our approach is competitive.
KW - Network Intrusion Detection
KW - Machine Learning
KW - Anomaly Detection
KW - Multidimensional Data
KW - OLAP Cubes
KW - Netzwerk
KW - Maschinelles Lernen
KW - Anomalieerkennung
KW - Eindringerkennung
KW - Computersicherheit
KW - Iceberg Condition
Y1 - 2022
UN - https://nbn-resolving.org/urn:nbn:de:bsz:960-opus4-34621
SN - 1611-3349
SS - 1611-3349
SN - 978-3-031-08147-7
SB - 978-3-031-08147-7
U6 - https://doi.org/10.25968/opus-3462
DO - https://doi.org/10.25968/opus-3462
SP - 265
EP - 282
PB - Springer
CY - Cham
ER -