Abstract

The object of the study is the detection of network anomalies, an important and rapidly developing area of research. The article discusses the main aspects of network anomaly detection. Principles are formulated that allow various anomaly detection methods to be generalized. The attacks that network intrusion detection systems typically face are presented, along with the characteristics and types of intrusion detection methods. Network anomalies are treated as manifestations of network attacks, which makes it possible to classify them. An analysis of the literature showed that, despite broad coverage of methods, subject areas and tasks in network anomaly detection, less attention is paid to the key issue: the analysis of network anomaly metrics and the rationale for choosing the relevant metric in a particular case. The paper presents types, characteristics and examples of network anomalies. To classify network anomalies and facilitate their detection, metrics are proposed that are based on proximity measures for the numeric, categorical, and mixed data types that characterize anomalies. The network anomaly detection problem is presented as a classification or clustering problem. The components that characterize this problem are identified, namely: types of input data, acceptability of proximity measures, data labeling, classification of methods based on the use of labeled data, identification of relevant features, and reporting of anomalies. An approach is described that allows the required set of metrics to be generated in a timely manner, which not only supports the formation of preventive countermeasures but also makes it possible to assess the current state of the security system as a whole. In addition, it makes it possible to form multi-circuit security systems that take into account the influence (integration) of targeted (mixed) attacks on infrastructure elements, as well as the possibility of their synthesis with social engineering methods.
