Conference papers

Novelty detection on graph structured data to detect network intrusions

Abstract : It is difficult to detect new types of attacks in heterogeneous and scalable networks in time without generating too many false alarms. While supervised anomaly detection techniques are often used to that end, security experts generally do not have labeled datasets. This is why unsupervised learning, which does not require labeled data, should be preferred. With sec2graph [4], we introduced a representation of security events in the form of a graph linking what we defined as security objects and proposed a method for anomaly detection based on auto-encoders. This representation allows a rich description of the events that are analyzed. In this paper, we apply our approach to the CICIDS2018 dataset and show that our method outperforms classical event modeling and anomaly detection approaches.

https://hal.inria.fr/hal-03115308
Contributor : Ludovic Mé
Submitted on : Monday, February 15, 2021 - 4:12:33 PM
Last modification on : Wednesday, November 3, 2021 - 8:14:41 AM
Long-term archiving on : Sunday, May 16, 2021 - 7:49:56 PM

File

CAID2020.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-03115308, version 1

Citation

Laetitia Leichtnam, Eric Totel, Nicolas Prigent, Ludovic Mé. Novelty detection on graph structured data to detect network intrusions. CAID 2020 - Conference on Artificial Intelligence for Defense, Dec 2020, Virtual, France. ⟨hal-03115308⟩
