摘要:
Wireless sensor networks are mostly vulnerable to attacks. It's difficult to find /track attacker due to mobility. Indeed, the numbers of new attacks as well as their sophistication are continuously increasing. Diametrically opposite strategy has been studied in the last few years such as unsupervised anomaly detection (UAD). UAD uses data mining techniques to extract patterns and uncover similar structures "hidden" in unlabeled traffic or unknown nature (attack or normal operation traffic), without relying on Digital signatures or baseline traffic profiles. Based on the observation that attacks, particularly the most difficult ones to detect are contained in a small fraction of traffic flows with respect to normal operation traffic so we propose a paramount advantage of unsupervised, knowledge- independent detection algorithms based on clustering. The main aim is to combine the clustering results provided by multiple independent partitions of the same set of flows and filtering out biased groupings. We focus on the detection and characterization of standard and well-known attacks, which facilitates the interpretation of results. Denial of service (DOS), distributed DOS (DDOS), network scans, and worm propagation are examples of such standard network attacks. The approach can easily be generalized to detect other kinds of anomalies and attacks.
展开
扫一扫
711
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
