| 1. Identificação | |
| Tipo de Referência | Artigo em Evento (Conference Proceedings) |
| Site | mtc-m16b.sid.inpe.br |
| Código do Detentor | isadg {BR SPINPE} ibi 8JMKD3MGPCW/3DT298S |
| Repositório | sid.inpe.br/mtc-m17@80/2007/12.03.18.35 |
| Última Atualização | 2007:12.03.18.35.19 (UTC) administrator |
| Repositório de Metadados | sid.inpe.br/mtc-m17@80/2007/12.03.18.35.20 |
| Última Atualização dos Metadados | 2018:06.05.03.35.54 (UTC) administrator |
| Chave Secundária | INPE--PRE/ |
| Chave de Citação | GrégioSantMont:2007:EvDaMi |
| Título | Evaluation of data mining techniques for suspicious network activity classification using honeypots data  |
| Ano | 2007 |
| Data de Acesso | 22 maio 2024 |
| Tipo Secundário | PRE CI |
| Número de Arquivos | 1 |
| Tamanho | 141 KiB |
| 2. Contextualização | |
| Autor | 1 Grégio, André Ricardo Abed 2 Santos, R. 3 Montes, Antonio |
| Grupo | 1 LAC-INPE-MCT-BR |
| Afiliação | 1 Instituto Nacional de Pesquisas Espaciais (INPE) |
| Nome do Evento | SPIE: Optics and Photonics 2007; Symposium on Coastal Ocean Remote Sensing, (OP403). |
| Localização do Evento | San Diego, CA |
| Data | 26-30 Aug. |
| Histórico (UTC) | 2007-12-03 18:35:20 :: simone -> administrator :: 2012-10-24 00:07:15 :: administrator -> simone :: 2007 2013-02-20 15:20:10 :: simone -> administrator :: 2007 2018-06-05 03:35:54 :: administrator -> marciana :: 2007 |
| 3. Conteúdo e estrutura | |
| É a matriz ou uma cópia? | é a matriz |
| Estágio do Conteúdo | concluido |
| Transferível | 1 |
| Tipo do Conteúdo | External Contribution |
| Palavras-Chave | Computer Security Data Mining Log Analysis Intrusion Detection Artificial Intelligence |
| Resumo | As the amount and types of remote network services increase, the analysis of their logs has become a very difficult and time consuming task. There are several ways to filter relevant information and provide a reduced log set for analysis, such as whitelisting and intrusion detection tools, but all of them require too much fine- tuning work and human expertise. Nowadays, researchers are evaluating data mining approaches for intrusion detection in network logs, using techniques such as genetic algorithms, neural networks, clustering algorithms, etc. Some of those techniques yield good results, yet requiring a very large number of attributes gathered by network traffic to detect useful information. In this work we apply and evaluate some data mining techniques (K-Nearest Neighbors, Artificial Neural Networks and Decision Trees) in a reduced number of attributes on some log data sets acquired from a real network and a honeypot, in order to classify traffic logs as normal or suspicious. The results obtained allow us to identify unlabeled logs and to describe which attributes were used for the decision. This approach provides a very reduced amount of logs to the network administrator, improving the analysis task and aiding in discovering new kinds of attacks against their networks. |
| Área | COMP |
| Arranjo | urlib.net > BDMCI > Fonds > Produção anterior à 2021 > LABAC > Evaluation of data... |
| Conteúdo da Pasta doc | acessar |
| Conteúdo da Pasta source | não têm arquivos |
| Conteúdo da Pasta agreement | não têm arquivos |
| 4. Condições de acesso e uso | |
| URL dos dados | http://urlib.net/ibi/sid.inpe.br/mtc-m17@80/2007/12.03.18.35 |
| URL dos dados zipados | http://urlib.net/zip/sid.inpe.br/mtc-m17@80/2007/12.03.18.35 |
| Arquivo Alvo | evaluation of data.pdf |
| Grupo de Usuários | administrator simone |
| Visibilidade | shown |
| 5. Fontes relacionadas | |
| Unidades Imediatamente Superiores | 8JMKD3MGPCW/3ESGTTP |
| Acervo Hospedeiro | lcp.inpe.br/ignes/2004/02.12.18.39 cptec.inpe.br/walmeida/2003/04.25.17.12 |
| 6. Notas | |
| Campos Vazios | archivingpolicy archivist booktitle callnumber copyholder copyright creatorhistory descriptionlevel dissemination documentstage doi e-mailaddress edition editor electronicmailaddress format identifier isbn issn label language lineage mark mirrorrepository nextedition notes numberofvolumes orcid organization pages parameterlist parentrepositories previousedition previouslowerunit progress project publisher publisheraddress readergroup readpermission resumeid rightsholder schedulinginformation secondarydate secondarymark serieseditor session shorttitle sponsor subject tertiarymark tertiarytype type url versiontype volume |
| 7. Controle da descrição | |
| e-Mail (login) | marciana |
| atualizar | |