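File name:
Network Anomaly Detection: A Machine Learning Perspective
Development tool:
File size: 6mb
Downloads: 0
Upload date: 2019-03-15
Description: A theory book on network anomaly detection systems. It can be used as a reference when running experiments. Thank you all for your support.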
Dedication
This book is dedicated to my loving wife, Chayanika, who constantly encouraged, inspired and cooperated with me in the successful completion of this humble work.
Dhruba Kumar Bhattacharyya
This book is lovingly dedicated to my father (deuta) Benudhar Kalita, an accomplished author who passed away recently, and of whom I have fond memories, and my mother (maa), Nirala Kalita, a school teacher who has been gone for sixteen years. They are surely looking down from heaven. It is also dedicated to my 7-year-old daughter Ananya Lonie, who I hope will grow to be a smart, thoughtful, compassionate and accomplished woman.
Jugal Kumar Kalita
Contents
List of Figures
List of Tables
Preface
Acknowledgements
Abstract
Authors
1 Introduction
1.1 The Internet and Modern Networks
1.2 Network Vulnerabilities
1.3 Anomalies and Anomalies in Networks
1.4 Machine Learning
1.5 Prior Work on Network Anomaly Detection
1.6 Contributions of This Book
1.7 Organization
2 Networks and Anomalies
2.1 Networking B
2.1.1 Typical View of a Network
2.1.2 Communication Media
2.1.2.1 Guided Media
2.1.2.2 Unguided Media
2.1.3 Network Software
2.1.3.1 Layered Architecture
2.1.3.2 Connection-oriented and Connectionless
2.1.3.3 Service Pr
2.1.3.4 Services and Protocols
2.1.4 Reference Models
2.1.4.1 The ISO OSI Reference Model
2.1.4.2 TCP/IP Reference Model
2.1.5 Protocols
2.1.5.1 Transport Control Protocol
2.1.5.2 User Datagram Protocol
2.1.5.3 Internet Protocol (IP)
2.1.5.4 SMTP
2.1.5.5 SNMP
2.1.5.6 ICMP
2.1.5.7 FTP
2.1.5.8 Telnet
2.1.6 Types of Networks
2.1.6.1 Local Area Networks (LAN)
2.1.6.2 Wide Area Networks (WAN)
2.1.6.3 Metropolitan Area Network (MAN)
2.1.6.4 Wireless Networks
2.1.6.5 Internetworks
2.1.6.6 The Internet
2.1.7 Scales of Networks
2.1.8 Network Topologies
2.1.8.1 Bus
2.1.8.2 Ring
2.1.8.3 T
2.1.8.4 Star
2.1.9 Hardware Components
2.1.9.1 Network Communication Devices
2.1.9.2 Network Interface Card (NIC)
2.1.9.3 Transceivers
2.1.9.4 Media Converter
2.1.10 Network Performance
2.1.10.1 Network Performance Constraints
2.1.10.2 Network Performance Parameter Tuning
2.1.10.3 Performance Oriented System Design
2.1.10.4 Protocols for Gigabit Networks
2.1.10.5 Faster Processing of TPDU
2.2 Anomalies in a Network
2.2.1 Network Vulnerabilities
2.2.1.1 Network Configuration Vulnerabilities
2.2.1.2 Network Hardware Vulnerabilities
2.2.1.3 Network Perimeter Vulnerabilities
2.2.1.4 Network Monitoring and Logging Vulnerabilities
2.2.1.5 Communication Vulnerabilities
2.2.1.6 Wireless Connection Vulnerabilities
2.2.2 Security-Related Network Anomalies
2.2.3 Who Attacks Networks
2.2.4 Precursors to an Attack
2.2.5 Network Attacks Taxonomy
2.2.5.1 Denial of Service (DoS)
2.2.5.2 User to Root Attacks (U2R)
2.2.5.3 Remote to Local (R2L)
2.2.5.4 Probe
2.2.6 Discussion
3 An Overview of Machine Learning Methods
3.1 Introduction
3.2 Types of Machine Learning Methods
3.3 Supervised Learning: Some Popular Methods
3.3.1 Decision and Regression
3.3.1.1 Classification and Regression Tree
3.3.2 Support Vector Machines
3.4 Unsupervised Learning
3.4.1 Cluster Analysis
3.4.1.1 Various Types of Data
3.4.1.2 Proximity Measures
3.4.1.3 Clustering Methods
3.4.1.4 Discussion
3.4.2 Outlier Mining
3.4.3 Association Rule Learning
3.4.3.1 Basic Concepts
3.4.4 Frequent Itemset Mining Algorithms
3.4.5 Rule Generation Algorithms
3.4.6 Discussion
3.5 Probabilistic Learning
3.5.1 Learning Bayes Nets
3.5.2 Simple Probabilistic Learning: Naive Bayes
3.5.3 Hidden Markov Models
3.5.4 Expectation Maximization Algorithm
3.6 Soft Computing
3.6.1 Artificial Neural Networks
3.6.2 Rough Sets
3.6.3 Fuzzy Logic
3.6.4 Evolutionary Computation
3.6.5 Ant Colony Optimization
3.7 Reinforcement Learning
3.8 Hybrid Learning Methods
3.9 Discussion
4 Detecting Anomalies in Network Data
4.1 Detection of Network Anomalies
4.1.1 Host-Based IDS (HIDS)
4.1.2 Network-Based IDS (NIDS)
4.1.3 Anomaly-Based Network Intrusion Detection
4.1.4 Supervised Anomaly Detection Approach
4.1.5 Issues
4.1.6 Unsupervised Anomaly Detection Approach
4.1.7 Issues
4.1.8 Hybrid Detection Approach
4.1.9 Issues
4.2 Aspects of Network Anomaly Detection
4.2.1 Proximity Measure and Types of Data
4.2.2 Relevant Feature Identification
4.2.3 Anomaly Score
4.3 Datasets
4.3.1 Public Datasets
4.3.1.1 KDD Cup 1999 Dataset
4.3.1.2 NSL-KDD Dataset
4.3.2 Private Datasets: Collection and Preparation
4.3.2.1 TUIDS Intrusion Dataset
4.3.3 Network Simulation
4.4 Discussion
5 Feature Selection
5.1 Feature Selection vs. Feature Extraction
5.2 Feature Relevance
5.3 Advantages
5.4 Applications of Feature Selection
5.4.1 Bioinformatics
5.4.2 Network Security
5.4.3 Text Categorization
5.4.4 Biometrics
5.4.5 Content-Based Image Retrieval
5.5 Prior Surveys on Feature Selection
5.5.1 A Comparison with Prior Surveys
5.6 Problem Formulation
5.7 Steps in Feature Selection
5.7.1 Subset Generation
5.7.1.1 Random Subset Generation
5.7.1.2 Heuristic Subset Generation
5.7.1.3 Complete Subset Generation
5.7.2 Feature Subset Evaluation
5.7.2.1 Dependent Criteria
5.7.2.2 Independent Criteria
5.7.3 Goodness Criteria
5.7.4 Result Validation
5.7.4.1 External Validation
5.7.4.2 Internal Validation
5.8 Feature Selection Methods: A Taxonomy
5.9 Existing Methods of Feature Selection
5.9.1 Statistical Feature Selection
5.9.2 Information Theoretic Feature Selection
5.9.3 Soft Computing Methods
5.9.4 Clustering and Association Mining Approach
5.9.5 Ensemble Approach
5.10 Subset Evaluation Measures
5.10.1 Inconsistency Rate
5.10.2 Relevance
5.10.3 Symmetric Uncertainty
5.10.4 Dependency
5.10.5 Fuzzy Entropy
5.10.6 Hamming Loss
5.10.7 Ranking le
5.11 Systems and Tools for Feature Selection
5.12 Discussion