Data mining aims to extract from huge amounts of data stochastic theories, called knowledge models, that explain or predict complex phenomena. In this paper we propose new distributed data mining algorithms to recognize network attacks against a set of devices from statistical data generated locally by each device according to the standard Simple Network Management Protocol (SNMP), which is available in every modern operating system. The idea is to place an autonomous mining resource in each network node that cooperates with its neighbors in a peer-to-peer fashion in order to reciprocally improve their detection capabilities. Unlike existing security solutions, which are based on centralized databases of attack signatures and on the transmission of huge amounts of raw traffic data, in this solution the network nodes exchange local knowledge models of a few hundred bytes. The efficacy of the approach has been validated by experiments with several types of attacks, with different network topologies and distributions of attacks, so as to also test the capability of nodes to detect unknown attacks.

W. Cerroni, G. Moro, T. Pirini, M. Ramilli (2013). Peer-to-peer data mining classifiers for decentralized detection of network attacks. Darlinghurst: Australian Computer Society, Inc.

Peer-to-peer data mining classifiers for decentralized detection of network attacks

Cerroni, Walter; Moro, Gianluca; Pirini, Tommaso; Ramilli, M.
2013

Published in: Proceedings of the Twenty-Fourth Australasian Database Conference - ADC 2013, pp. 101-107
W. Cerroni; G. Moro; T. Pirini; M. Ramilli

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11585/354937

Citations: Scopus 23