XOR DETEKTOR KONFLIKTNIH ODLUKA O ANOMALIJAMA U RAČUNARSKIM MREŽAMA

eBibliothek Repositorium

 
 

XOR DETEKTOR KONFLIKTNIH ODLUKA O ANOMALIJAMA U RAČUNARSKIM MREŽAMA

Zur Langanzeige

Titel: XOR DETEKTOR KONFLIKTNIH ODLUKA O ANOMALIJAMA U RAČUNARSKIM MREŽAMA
Autor: Protić, Danijela
Zusammenfassung: Anomaly detection is the recognition of suspicious computer network behavior by comparing unknown network traffic to a statistical model of normal network behavior. Binary classifiers based on supervised machine learning are good candidates for normality detection. This thesis presents five standard binary classifiers: the k-nearest neighbors, weighted k-nearest neighbors, decision trees, support vector machines and feedforward neural network. The main problem with supervised learning is that it takes a lot of data to train high-precision classifiers. To reduce the training time with minimal degradation of the accuracy of the models, a two-phase pre-processing step is performed. In the first phase, numeric attributes are selected to reduce the dataset. The second phase is a novel normalization method based on hyperbolic the tangent function and the damping strategy of the Levenberg-Marquardt algorithm. The Kyoto 2006+ dataset, the only publicly available data set of real-world network traffic intended solely for anomaly detection research in computer networks, was used to demonstrate the positive impact of such pre-processing on classifier training time and accuracy. Of all the selected classifiers, the feedforward neural network has the highest processing speed, while the weighted k-nearest neighbor model proved to be the most accurate. The assumption is that when the classifiers work concurrently, they should detect either an anomaly or normal network traffic, which occasionally is not the case, resulting in different decision about the anomaly, i.e. a conflict arises. The conflicting decision detector performs a logical exclusive OR (XOR) operation on the outputs of the classifiers. If both classifiers simultaneously detected an anomaly or recognized traffic as normal, their decision was no conflict had occurred. Otherwise a conflict is detected. The number of conflicts detected provides an opportunity for additional detection of changes in computer network behavior.
URI: http://hdl.handle.net/123456789/5599
Datum: 2023

Dateien zu dieser Ressource

Dateien Größe Format Anzeige
Danijela Protic - Doktorska Disertacija.pdf 3.143Mb PDF Öffnen

Die folgenden Lizenzbestimmungen sind mit dieser Ressource verbunden:

Das Dokument erscheint in:

Zur Langanzeige