Detecting Attacks in Network Traffic Using Normality Models: The Cellwise Estimator
- Although machine learning (ML) for intrusion detection is attracting research, its deployment in practice has proven difficult. Major hindrances are that training a classifier requires training data with attack samples, and that trained models are bound to a specific network. To overcome these problems, we propose two new methods for anomaly-based intrusion detection. Both are trained on normal-only data, making deployment much easier. The first approach is based on One-class SVMs, while the second leverages our novel Cellwise Estimator algorithm, which is based on multidimensional OLAP cubes. The latter has the additional benefit of explainable output, in contrast to many ML methods like neural networks. The created models capture the normal behavior of a network and are used to find anomalies that point to attacks. We present a thorough evaluation using benchmark data and a comparison to related approaches showing that our approach is competitive.
Download full text files
Akzeptiertes Manuskript des Beitrags
Additional Services
Statistics
| Author: | Felix HeineORCiDGND, Carsten KleinerORCiDGND, Philip KlostermeyerORCiD, Volker AhlersORCiDGND, Tim Laue, Nils Wellermann |
|---|---|
| URN: | urn:nbn:de:bsz:960-opus4-34621 |
| DOI: | https://doi.org/10.25968/opus-3462 |
| DOI original: | https://doi.org/10.1007/978-3-031-08147-7_18 |
| ISBN: | 978-3-031-08147-7 |
| ISSN: | 1611-3349 |
| Parent Title (English): | Foundations and Practice of Security : 14th International Symposium, FPS 2021, Paris, France, December 7–10, 2021, Revised Selected Papers |
| Publisher: | Springer |
| Place of publication: | Cham |
| Editor: | Esma Aïmeur, Maryline Laurent, Reda Yaich, Benoît Dupont, Joaquin Garcia-Alfaro |
| Document Type: | Conference Proceeding |
| Language: | English |
| Year of Completion: | 2022 |
| Publishing Institution: | Hochschule Hannover |
| Release Date: | 2025/01/22 |
| Tag: | Anomaly Detection; Iceberg Condition; Machine Learning; Multidimensional Data; Network Intrusion Detection; OLAP Cubes |
| GND Keyword: | NetzwerkGND; Maschinelles LernenGND; AnomalieerkennungGND; EindringerkennungGND; ComputersicherheitGND |
| First Page: | 265 |
| Last Page: | 282 |
| Institutes: | Fakultät IV - Wirtschaft und Informatik |
| DDC classes: | 004 Informatik |
| Licence (German): |  Urheberrechtlich geschützt |
