dc.contributor | | pt-BR |
dc.creator | Alves Ferreira, Eduardo | |
dc.creator | Mello, Rodrigo Fernandes | |
dc.date | 2013-05-13 | |
dc.date.accessioned | 2018-11-07T21:08:51Z | |
dc.date.available | 2018-11-07T21:08:51Z | |
dc.identifier | https://seer.ufrgs.br/rita/article/view/rita_v20_n2_p155WesleyVol20Nr2_155 | |
dc.identifier | 10.22456/2175-2745.26211 | |
dc.identifier.uri | http://repositorioslatinoamericanos.uchile.cl/handle/2250/2187478 | |
dc.description | The characterization of process behavior is usually considered when performing intrusion detection. Several works characterize specific aspects of systems and attempt to detect novelties in that context, associating observed anomalies to attack events. Such an approach is limited or even useless when the observed context is unstructured, i.e. when the monitor generates text-based log files or a variable number of application attributes. In order to overcome this drawback, this paper considers the use of single-pass clustering techniques to quantize unstructured data and generate time series, using algorithms with low computational complexity, applicable in a real-world scenario. Afterward, novelty detection techniques are employed on such series to distinguish behavior anomalies, which are associated with intrusions. We evaluated the approach using a system characterization dataset and confirmed that it aggregates context information to represent the behavior of applications as time series, where novelty detection can be successfully performed. | pt-BR |
dc.format | application/pdf | |
dc.language | por | |
dc.publisher | Instituto de Informática - Universidade Federal do Rio Grande do Sul | en-US |
dc.relation | https://seer.ufrgs.br/rita/article/view/rita_v20_n2_p155WesleyVol20Nr2_155/25444 | |
dc.rights | Copyright 2018 Eduardo Alves Ferreira, Rodrigo Fernandes Mello | pt-BR |
dc.rights | http://creativecommons.org/licenses/by-nc-nd/4.0 | pt-BR |
dc.source | Revista de Informática Teórica e Aplicada; v. 20, n. 2 (2013); 155-173 | en-US |
dc.source | Revista de Informática Teórica e Aplicada; v. 20, n. 2 (2013); 155-173 | pt-BR |
dc.source | 21752745 | |
dc.source | 01034308 | |
dc.subject | | pt-BR |
dc.title | Intrusion Detection in Unstructured Contexts Using On-line Clustering and Novelty Detection | pt-BR |
dc.type | Journal articles | |
dc.coverage | | pt-BR |
dc.coverage | | pt-BR |
dc.coverage | | pt-BR |