Talks and Poster Presentations (without Proceedings-Entry):
"Feature Selection for Network Security";
Talk: TU München Informatik-Kolloquium,
Technische Universität München (invited);
IP network security concepts usually combine proactive and reactive security measures. Proactive methods prevent known and predictable attacks by access control functions and security protocols for authentication and encryption. Reactive measures supplement preventive methods by network supervision as a basis for the detection of anomalies. In contrast to proactive security measures, reactive methods can detect novel attacks caused by the exploitation of zero-day vulnerabilities. In order to establish situation awareness from network observations, a set of suitable features is generated from raw network traffic. Nevertheless, finding the most powerful features to detect attacks while keeping supervision effort low is not trivial. In this talk, I present methods for selecting suitable features from a range of network traffic measurements. I present recent results on a commonly used data set and show aggregated features for analyzing IP Darkspace traffic.
Keywords: network security, traffic analysis
Created from the Publication Database of the Vienna University of Technology.