(Reference retrieved automatically from Web of Science, based on the FAPESP funding information and the corresponding grant number included in the publication by the authors.)

A fast unsupervised preprocessing method for network monitoring

Author(s):
Lopez, Martin Andreoni [1, 2] ; Mattos, Diogo M. F. [3] ; Duarte, Otto Carlos M. B. [1] ; Pujolle, Guy [2]
Total number of authors: 4
Author affiliation(s):
[1] Univ Fed Rio de Janeiro, COPPE, GTA, Rio de Janeiro - Brazil
[2] Sorbonne Univ, CNRS, Lab Informat Paris 6, F-75005 Paris - France
[3] Univ Fed Fluminense, Niteroi, RJ - Brazil
Total number of affiliations: 3
Document type: Journal article
Source: ANNALS OF TELECOMMUNICATIONS; v. 74, n. 3-4, SI, p. 139-155, APR 2019.
Web of Science citations: 0
Abstract

Identifying a network misuse takes days or even weeks, and network administrators usually neglect zero-day threats until a large number of malicious users exploit them. Besides, security applications, such as anomaly detection and attack mitigation systems, must apply real-time monitoring to reduce the impacts of security incidents. Thus, information processing time should be as small as possible to enable an effective defense against attacks. In this paper, we present a fast preprocessing method for network traffic classification based on feature correlation and feature normalization. Our proposed method couples a normalization algorithm and a feature selection algorithm. We evaluate the proposed algorithms against three different datasets for eight different machine learning classification algorithms. Our proposed normalization algorithm reduces the classification error rate when compared with traditional methods. Our feature selection algorithm chooses an optimized subset of features improving accuracy by more than 11% within a 100-fold reduction in processing time when compared to traditional feature selection and feature reduction algorithms. The preprocessing method is performed in batch and streaming data, being able to detect concept-drift. (AU)

FAPESP grant: 14/50937-1 - INCT 2014: on the Future Internet
Grantee: Fabio Kon
Funding line: Research Grant - Thematic
FAPESP grant: 15/24485-9 - Future Internet applied to smart cities
Grantee: Fabio Kon
Funding line: Research Grant - Thematic
FAPESP grant: 15/24514-9 - Stream project: real-time security with elasticity, analytics and monitoring
Grantee: Otto Carlos Muniz Bandeira Duarte
Funding line: Research Grant - Regular