Conference Papers

Novelty detection on graph structured data to detect network intrusions


Abstract

It is difficult to detect new types of attacks in heterogeneous and scalable networks in time without generating too many false alarms. While supervised anomaly detection techniques are often used to that end, security experts generally do not have labeled datasets. That is why unsupervised learning, which does not require labeled data, should be preferred. With sec2graph [4], we introduced a representation of security events in the form of a graph linking what we defined as security objects, and proposed a method for anomaly detection based on auto-encoders. This representation allows a rich description of the events that are analyzed. In this paper, we apply our approach to the CICIDS2018 dataset and show that our method outperforms classical event modeling and anomaly detection approaches.
Main file: CAID2020.pdf (321.39 KB)
Origin : Files produced by the author(s)

Dates and versions

hal-03115308 , version 1 (15-02-2021)

Identifiers

  • HAL Id : hal-03115308 , version 1

Cite

Laetitia Leichtnam, Eric Totel, Nicolas Prigent, Ludovic Mé. Novelty detection on graph structured data to detect network intrusions. CAID 2020 - Conference on Artificial Intelligence for Defense, Dec 2020, Virtual, France. ⟨hal-03115308⟩