WEKO3
アイテム
{"_buckets": {"deposit": "cf725790-429f-4be8-8afc-def7df32a0bf"}, "_deposit": {"created_by": 21, "id": "2686", "owners": [21], "pid": {"revision_id": 0, "type": "depid", "value": "2686"}, "status": "published"}, "_oai": {"id": "oai:ir.soken.ac.jp:00002686", "sets": ["19"]}, "author_link": ["0", "0", "0"], "item_1_biblio_info_21": {"attribute_name": "書誌情報(ソート用)", "attribute_value_mlt": [{"bibliographicIssueDates": {"bibliographicIssueDate": "2011-09-30", "bibliographicIssueDateType": "Issued"}, "bibliographic_titles": [{}]}]}, "item_1_creator_2": {"attribute_name": "著者名", "attribute_type": "creator", "attribute_value_mlt": [{"creatorNames": [{"creatorName": "FONTUGNE, Romain Thibault"}], "nameIdentifiers": [{"nameIdentifier": "0", "nameIdentifierScheme": "WEKO"}]}]}, "item_1_creator_3": {"attribute_name": "フリガナ", "attribute_type": "creator", "attribute_value_mlt": [{"creatorNames": [{"creatorName": "フォンテュニュ, ロマン ティボ"}], "nameIdentifiers": [{"nameIdentifier": "0", "nameIdentifierScheme": "WEKO"}]}]}, "item_1_date_granted_11": {"attribute_name": "学位授与年月日", "attribute_value_mlt": [{"subitem_dategranted": "2011-09-30"}]}, "item_1_degree_grantor_5": {"attribute_name": "学位授与機関", "attribute_value_mlt": [{"subitem_degreegrantor": [{"subitem_degreegrantor_name": "総合研究大学院大学"}]}]}, "item_1_degree_name_6": {"attribute_name": "学位名", "attribute_value_mlt": [{"subitem_degreename": "博士(情報学)"}]}, "item_1_description_1": {"attribute_name": "ID", "attribute_value_mlt": [{"subitem_description": "2011062", "subitem_description_type": "Other"}]}, "item_1_description_12": {"attribute_name": "要旨", "attribute_value_mlt": [{"subitem_description": "Network traffic anomalies stand for a large fraction of the Internet traffic and\r\ncompromise the performance of the network resources. Detecting and diagnos-\r\ning these threats is a laborious and time consuming task that network operators\r\nface daily. During the last decade researchers have concentrated their efforts\r\non this problem and proposed several tools to automate this task. Thereby,\r\nrecent advances in anomaly detection have permitted to detect new or unknown\r\nanomalies by taking advantage of statistical analysis of the traffic. In spite of\r\nthe advantages of these detection methods, researchers have reported several\r\ncommon drawbacks discrediting their use in practice. Indeed, the challenge of\r\nunderstanding the relation between the theory underlying these methods and\r\nthe actual Internet traffic raises several issues. For example, the difficulty of\r\nselecting the optimal parameter set for these methods mitigates their perfor-\r\nmance and prevent network operators from using them. Moreover, due to the\r\nlack of ground truth data, approximate evaluations of these detection methods\r\nprevent to provide accurate feedback on them and increase their reliability. We\r\naddress these issues, first, by proposing a pattern-recognition-based detection\r\nmethod that overcomes the common drawbacks of anomaly detectors based on\r\nstatistical analysis, second, by providing both a benchmark tool that compares\r\nthe results from diverse detectors and ground truth data obtained by combining\r\nseveral anomaly detectors.\r\n\u0026nbsp; \u0026nbsp;The proposed pattern-recognition-based detector takes advantage of image\r\nprocessing techniques to provide intuitive outputs and parameter set. An adap-\r\ntive mechanism automatically tuning its parameter set according to traffic fluc-\r\ntuations is also proposed. The resulting adaptive anomaly detector is easily\r\nusable in practice, performs a high detection rate, and provides intuitive de-\r\nscription of the anomalies allowing to identify their root causes.\r\n\u0026nbsp; \u0026nbsp;A benchmark methodology is also developed in order to compare several\r\ndetectors based on different theoretical background. This methodology allows\r\nresearchers to accurately identify the differences between the results of diverse\r\ndetectors. We employ this methodology along with an unsupervised combina-\r\ntion strategy to combine the output of four anomaly detectors. Thereby, the\r\ncombination strategy increases the overall reliability of the combined detectors\r\nand it detects two times more anomalies than the best detector. We provide\r\nthe results of this combination of detectors in the form of ground truth data\r\ncontaining various anomalies during 10 years of traffic.", "subitem_description_type": "Other"}]}, "item_1_description_18": {"attribute_name": "フォーマット", "attribute_value_mlt": [{"subitem_description": "application/pdf", "subitem_description_type": "Other"}]}, "item_1_description_7": {"attribute_name": "学位記番号", "attribute_value_mlt": [{"subitem_description": "総研大甲第1456号", "subitem_description_type": "Other"}]}, "item_1_select_14": {"attribute_name": "所蔵", "attribute_value_mlt": [{"subitem_select_item": "有"}]}, "item_1_select_16": {"attribute_name": "複写", "attribute_value_mlt": [{"subitem_select_item": "印刷物から複写可"}]}, "item_1_select_17": {"attribute_name": "公開状況", "attribute_value_mlt": [{"subitem_select_item": "全文公開可"}]}, "item_1_select_8": {"attribute_name": "研究科", "attribute_value_mlt": [{"subitem_select_item": "複合科学研究科"}]}, "item_1_select_9": {"attribute_name": "専攻", "attribute_value_mlt": [{"subitem_select_item": "17 情報学専攻"}]}, "item_1_text_10": {"attribute_name": "学位授与年度", "attribute_value_mlt": [{"subitem_text_value": "2011"}]}, "item_creator": {"attribute_name": "著者", "attribute_type": "creator", "attribute_value_mlt": [{"creatorNames": [{"creatorName": "FONTUGNE, Romain Thibault", "creatorNameLang": "en"}], "nameIdentifiers": [{"nameIdentifier": "0", "nameIdentifierScheme": "WEKO"}]}]}, "item_files": {"attribute_name": "ファイル情報", "attribute_type": "file", "attribute_value_mlt": [{"accessrole": "open_date", "date": [{"dateType": "Available", "dateValue": "2016-02-17"}], "displaytype": "simple", "download_preview_message": "", "file_order": 0, "filename": "甲1456_要旨.pdf", "filesize": [{"value": "261.4 kB"}], "format": "application/pdf", "future_date_message": "", "is_thumbnail": false, "licensetype": "license_11", "mimetype": "application/pdf", "size": 261399.99999999997, "url": {"label": "要旨・審査要旨", "url": "https://ir.soken.ac.jp/record/2686/files/甲1456_要旨.pdf"}, "version_id": "5f0a8748-1753-4cf3-be74-dc7758cdf44d"}, {"accessrole": "open_date", "date": [{"dateType": "Available", "dateValue": "2016-02-17"}], "displaytype": "simple", "download_preview_message": "", "file_order": 1, "filename": "甲1456_本文.pdf", "filesize": [{"value": "7.9 MB"}], "format": "application/pdf", "future_date_message": "", "is_thumbnail": false, "licensetype": "license_11", "mimetype": "application/pdf", "size": 7900000.0, "url": {"label": "本文", "url": "https://ir.soken.ac.jp/record/2686/files/甲1456_本文.pdf"}, "version_id": "662238e2-6e7e-48cb-adb2-444740cb7c70"}]}, "item_language": {"attribute_name": "言語", "attribute_value_mlt": [{"subitem_language": "eng"}]}, "item_resource_type": {"attribute_name": "資源タイプ", "attribute_value_mlt": [{"resourcetype": "thesis", "resourceuri": "http://purl.org/coar/resource_type/c_46ec"}]}, "item_title": "Increasing Reliability in Network Traffic Anomaly Detection", "item_titles": {"attribute_name": "タイトル", "attribute_value_mlt": [{"subitem_title": "Increasing Reliability in Network Traffic Anomaly Detection"}, {"subitem_title": "Increasing Reliability in Network Traffic Anomaly Detection", "subitem_title_language": "en"}]}, "item_type_id": "1", "owner": "21", "path": ["19"], "permalink_uri": "https://ir.soken.ac.jp/records/2686", "pubdate": {"attribute_name": "公開日", "attribute_value": "2012-04-02"}, "publish_date": "2012-04-02", "publish_status": "0", "recid": "2686", "relation": {}, "relation_version_is_last": true, "title": ["Increasing Reliability in Network Traffic Anomaly Detection"], "weko_shared_id": -1}
Increasing Reliability in Network Traffic Anomaly Detection
https://ir.soken.ac.jp/records/2686
https://ir.soken.ac.jp/records/2686ce7f41a0-419d-4ae6-9bec-047354defabb
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
要旨・審査要旨 (261.4 kB)
|
||
|
本文 (7.9 MB)
|
| Item type | 学位論文 / Thesis or Dissertation(1) | |||||
|---|---|---|---|---|---|---|
| 公開日 | 2012-04-02 | |||||
| タイトル | ||||||
| タイトル | Increasing Reliability in Network Traffic Anomaly Detection | |||||
| タイトル | ||||||
| 言語 | en | |||||
| タイトル | Increasing Reliability in Network Traffic Anomaly Detection | |||||
| 言語 | ||||||
| 言語 | eng | |||||
| 資源タイプ | ||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_46ec | |||||
| 資源タイプ | thesis | |||||
| 著者名 |
FONTUGNE, Romain Thibault
× FONTUGNE, Romain Thibault |
|||||
| フリガナ |
フォンテュニュ, ロマン ティボ
× フォンテュニュ, ロマン ティボ |
|||||
| 著者 |
FONTUGNE, Romain Thibault
× FONTUGNE, Romain Thibault |
|||||
| 学位授与機関 | ||||||
| 学位授与機関名 | 総合研究大学院大学 | |||||
| 学位名 | ||||||
| 学位名 | 博士(情報学) | |||||
| 学位記番号 | ||||||
| 内容記述タイプ | Other | |||||
| 内容記述 | 総研大甲第1456号 | |||||
| 研究科 | ||||||
| 値 | 複合科学研究科 | |||||
| 専攻 | ||||||
| 値 | 17 情報学専攻 | |||||
| 学位授与年月日 | ||||||
| 学位授与年月日 | 2011-09-30 | |||||
| 学位授与年度 | ||||||
| 2011 | ||||||
| 要旨 | ||||||
| 内容記述タイプ | Other | |||||
| 内容記述 | Network traffic anomalies stand for a large fraction of the Internet traffic and compromise the performance of the network resources. Detecting and diagnos- ing these threats is a laborious and time consuming task that network operators face daily. During the last decade researchers have concentrated their efforts on this problem and proposed several tools to automate this task. Thereby, recent advances in anomaly detection have permitted to detect new or unknown anomalies by taking advantage of statistical analysis of the traffic. In spite of the advantages of these detection methods, researchers have reported several common drawbacks discrediting their use in practice. Indeed, the challenge of understanding the relation between the theory underlying these methods and the actual Internet traffic raises several issues. For example, the difficulty of selecting the optimal parameter set for these methods mitigates their perfor- mance and prevent network operators from using them. Moreover, due to the lack of ground truth data, approximate evaluations of these detection methods prevent to provide accurate feedback on them and increase their reliability. We address these issues, first, by proposing a pattern-recognition-based detection method that overcomes the common drawbacks of anomaly detectors based on statistical analysis, second, by providing both a benchmark tool that compares the results from diverse detectors and ground truth data obtained by combining several anomaly detectors. The proposed pattern-recognition-based detector takes advantage of image processing techniques to provide intuitive outputs and parameter set. An adap- tive mechanism automatically tuning its parameter set according to traffic fluc- tuations is also proposed. The resulting adaptive anomaly detector is easily usable in practice, performs a high detection rate, and provides intuitive de- scription of the anomalies allowing to identify their root causes. A benchmark methodology is also developed in order to compare several detectors based on different theoretical background. This methodology allows researchers to accurately identify the differences between the results of diverse detectors. We employ this methodology along with an unsupervised combina- tion strategy to combine the output of four anomaly detectors. Thereby, the combination strategy increases the overall reliability of the combined detectors and it detects two times more anomalies than the best detector. We provide the results of this combination of detectors in the form of ground truth data containing various anomalies during 10 years of traffic. |
|||||
| 所蔵 | ||||||
| 値 | 有 | |||||
| フォーマット | ||||||
| 内容記述タイプ | Other | |||||
| 内容記述 | application/pdf | |||||
