Journal Article

An empirical comparison of botnet detection methods

TL;DR: It is concluded that comparing methods indeed helps to better estimate how good the methods are, to improve the algorithms, to build better datasets and to build a comparison methodology.
About
This article is published in Computers & Security. The article was published on 2014-09-01. It has received 640 citations till now. The article focuses on the topics: Botnet & Anomaly detection.


Citations
Journal Article

Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study

TL;DR: A survey of deep learning approaches for cyber security intrusion detection, the datasets used, and a comparative study to evaluate the efficiency of several methods are presented.
Journal Article

A Survey of Network-based Intrusion Detection Data Sets

TL;DR: In this article, the authors provide a focused literature survey of data sets for network-based intrusion detection and describe the underlying packet- and flow-based network data in detail, identifying 15 different properties to assess the suitability of individual data sets.
Journal Article

A Survey of Deep Learning Methods for Cyber Security

TL;DR: This survey paper describes a literature review of deep learning methods for cyber security applications, including deep autoencoders, restricted Boltzmann machines, recurrent neural networks, generative adversarial networks, and several others.

Data preprocessing for anomaly based network intrusion detection: a review

TL;DR: The review finds that many NIDS limit their view of network traffic to the TCP/IP packet headers, and shows a trend toward deeper packet inspection to construct more relevant features through targeted content parsing.
Journal Article

A Survey of Random Forest Based Methods for Intrusion Detection Systems

TL;DR: This work provides a comprehensive review of the general basic concepts related to Intrusion Detection Systems, including taxonomies, attacks, data collection, modelling, evaluation metrics, and commonly used methods.
References
Journal Article

The WEKA data mining software: an update

TL;DR: This paper provides an introduction to the WEKA workbench, reviews the history of the project, and, in light of the recent 3.6 stable release, briefly discusses what has been added since the last stable version (Weka 3.4) released in 2003.
Journal Article

On ordered weighted averaging aggregation operators in multicriteria decisionmaking

TL;DR: A type of operator for aggregation called an ordered weighted aggregation (OWA) operator is introduced and its performance is found to be between those obtained using the AND operator and the OR operator.
Journal Article

The expectation-maximization algorithm

TL;DR: The EM (expectation-maximization) algorithm is ideally suited to problems of parameter estimation, in that it produces maximum-likelihood (ML) estimates of parameters when there is a many-to-one mapping from an underlying distribution to the distribution governing the observation.
Proceedings Article

Mining anomalies using traffic feature distributions

TL;DR: It is argued that the distributions of packet features observed in flow traces reveal both the presence and the structure of a wide range of anomalies, and that using feature distributions, anomalies naturally fall into distinct and meaningful clusters that can be used to automatically classify anomalies and to uncover new anomaly types.
Proceedings Article

Diagnosing network-wide traffic anomalies

TL;DR: A general method based on a separation of the high-dimensional space occupied by a set of network traffic measurements into disjoint subspaces corresponding to normal and anomalous network conditions to diagnose anomalies is proposed.