    Data Science Chair

    Publications by Andreas Hotho

    These publications are hosted by BibSonomy.

    A Toolset for Intrusion and Insider Threat Detection

    Ring, Markus; Wunderlich, Sarah; Grüdl, Dominik; Landes, Dieter; Hotho, Andreas. Pages 3--31. Springer International Publishing, Cham, 2017.

    Company data are a valuable asset and must be protected against unauthorized access and manipulation. In this contribution, we report on our ongoing work that aims to support IT security experts in identifying novel or obfuscated attacks in company networks, irrespective of whether they originate inside or outside the company network. A new toolset for anomaly-based network intrusion detection is proposed. This toolset uses flow-based data, which can be easily retrieved from central network components. We study the challenges of analysing flow-based data streams using data mining algorithms and build an appropriate approach step by step. In contrast to previous work, we collect flow-based data for each host over a certain time window, include the knowledge of domain experts and analyse the data from three different views. We argue that incorporating expert knowledge and previous flows allows us to create more meaningful attributes for subsequent analysis methods. This way, we try to detect novel attacks while simultaneously limiting the number of false positives.
    Further Information
    Editor(s) Palomares Carrascosa, Iván; Kalutarage, Harsha Kumara; Huang, Yan
    DOI http://dx.doi.org/10.1007/978-3-319-59439-2_1
    Tags 2017, flow, myown, network, security, toolset