Estudio comparativo de metodologías de selección de características en sistemas de detección de intrusos (Ids), basado en anomalías de red

dc.contributorHoz C, Eduardo de la
dc.contributorMendoza P, Fabio
dc.creatorDíaz Martínez, Jorge Luis
dc.date2018-11-03T01:48:53Z
dc.date2018-11-03T01:48:53Z
dc.date2017-10-24
dc.date.accessioned2023-10-03T19:05:50Z
dc.date.available2023-10-03T19:05:50Z
dc.identifierhttp://hdl.handle.net/11323/166
dc.identifierCorporación Universidad de la Costa
dc.identifierREDICUC - Repositorio CUC
dc.identifierhttps://repositorio.cuc.edu.co/
dc.identifier.urihttps://repositorioslatinoamericanos.uchile.cl/handle/2250/9167639
dc.descriptionCurrently companies do not import their asset classification of asset types of customers, cash, vehicles, accounts receivable, among others, however the most important asset that sometimes passes unbalanced by top management and of the administration of the organizations is THE INFORMATION. The information is very important in a company, so much that the impact that would cause, if the result is a disappeared or worse if it fell into the hands of the competition or of malicious people, is really disastrous, causing serious problems for the management of Organizational processes According to the International Organization for Standardization (ISO) define technological risk [Guidelines for the management of IT security / TEC TR 13335-1] [1996]. For this research, we are going to take into account the risks that are in the moment of safeguarding the information of any company using the technologies of networks of servers and clients, taking into account that the moment of implementing these technologies exist tools that help to safeguard the information, minimizing computer risks and avoiding intrusive access and various typologies of attacks that cause damage to information, network infrastructure and connected equipment. In these situations, there are different types of tools and techniques that protect us and reduce the risk making our company less vulnerable and hardening our network platform. The purpose of this investigation is a selection proposal and the classification of attacks of computer networks supported in systems of detention and prevention of intruders IDS / IPS.
dc.descriptionEn la actualidad las empresas, no importa su clasificación, poseen diferentes tipos de activos tales como maquinarias, dinero en efectivo, vehículos, cuentas por cobrar, entre otras, sin embargo, el activo más importante que algunas veces pasa desapercibido por la alta gerencia y de la administración de las organizaciones es LA INFORMACIÓN, la información es muy importante en una empresa, tanto que el impacto que llegaría a causar, si llegase a desaparecer o peor aún si cayese en manos de la competencia o de personas malintencionadas, sería realmente funesto, causando serios problemas para el manejo de los procesos organizacionales. Según la organización internacional por la normalización (ISO) define riesgo tecnológico (Guías para la gestión de la seguridad de TI/TEC TR 13335-1) [1996]. Para esta investigación vamos a tener en cuenta los riesgos que se corren al momento de salvaguardar la información de cualquier empresa utilizando tecnologías de redes servidores y clientes, teniendo en cuenta que al momento de implementar estas tecnologías existen ciertas herramientas comerciales que ayudan a salvaguardar la información, minimizando los riesgos informáticos y evitando por tanto accesos intrusivos y diversas tipologías de ataques con los que se pretende causar daños a la información, a la infraestructura de la red y a los equipos conectados. Ante estas situaciones existen diferentes tipos de herramientas y técnicas que nos permiten proteger y reducir el riesgo volviendo nuestra empresa menos vulnerable y endureciendo nuestra plataforma de red. El objeto de esta investigación es abordar una propuesta de selección y clasificación de ataques a redes informáticas soportadas en sistemas de detención y prevención de intrusos IDS/IPS.
dc.formatapplication/pdf
dc.languagespa
dc.publisherMaestría en Ingeniería (Énfasis en Redes y Software)
dc.relationDe La Hoz, E., De la Hoz, E., Ortiz, A., Ortega, J., & Prieto, B. (21 de September de 2015). PCA filtering and probabilistic SOM for network intrusion detection. Neurocomputing, 164, 71-81. doi:10.1016/j.neucom.2014.09.083 Devijver, P., & Kittler, J. (1982). Pattern Recognition: A Statistical Approach. Londres: Prentice-Hall. Shlens, J. (2009). A Tutorial on Principal Component Analysis. Center for Neural Science, NYU y Systems Neurology Laboratory, Salk Institute for Biological Studies La Jolla. Alahakoon, D., Halgamuge, S., & Srinivasan, B. (1998). A structure adapting feature map for optimal cluster representation. International Conference on Neural Information Processing ICONIP98, 809-812. Alhoniemi, E., Himberg, J., & Vesanto, J. (1999). Probabilistic measures for responses of selforganizing map units. Proceedings of the International ICSC Congress on Computational Intelligence Methods and Applications (CIMA), 1, 286-290. Alvarez Illán, I. (Junio de 2009). Análisis en Componentes de Imágenes Funcionales para la Ayuda al Diagnóstico de la Enfermedad del Alzheimer. Tesis Doctoral. Granada. Álvarez Illán, I., Manuel Górriz, J., Ramírez, J., Salas GonzáLez, D., López, M. M., Segovia, F., . . . Puntonet, C. (February de 2011). 18F-FDG PET imaging analysis for computer aided Alzheimer's diagnosis. Information Sciences, 181(4), 903-916. doi:10.1016/j.ins.2010.10.027 Anderson, J. (1980). Computer Security Threat Monitoring and Surveillance. Fort Washington, Pennsylvania: James P. Anderson Company. Axelsson, S. (2000). Intrusion Detection Systems: A Taxonomy and Survey. Technical Report 99- 15, Dept. of Computer Engineering, Chalmers University of Technology, Goteborg, Sweden. Bace, R. (2000). An Introduction to Intrusion Detection and Assessment / for System and Network Security Management. Obtenido de ICSA: http://www.iss.net/documents/whitepapers/intrusion.pdf Ben-Hur, A., & Guyon, I. (2003). Detecting stable clusters using principal component analysis. (M. Brownstein, & A. Kohodursky, Edits.) Humana press. Bhuyan, M., Bhattachayya, D., & Kalita, J. (2013). Network anomaly detection: methods , systems and tools. IEEE Commun. Surv. Tutor, 99. Blackmore, J., & Miikkulainen, R. (1993). Incremental grid growing: Encoding highdimensional structure into a two-dimensional feature map. Proceedings of the International Conference on Neural Networks ICNN93, I, 450-455. Blum, A., & Langley, P. (1997). Selection of relevant features and examples in machine learning. Artificial Intelligence, 245-271. Bolón-Canedo, V., Sánchez-Maroño, N., & Alonso-Betanzos, A. (2012). A review of feature selection methods on synthetic data. Knowledge and Information System, 483-519.Bouckaert, R. (2008). Practical bias variance decomposition. Advances in Artificial Intelligence - LNCS., 5360, 247-257. Bouvrie, P., Angulo, J., & Dehesa, J. (1 de June de 2011). Entropy and complexity analysis of Dirac-delta-like quantum potentials. Physica A: Statistical Mechanics and its Applications, 390(11), 2215–2228. doi:doi:10.1016/j.physa.2011.02.020 Bouzida, Y., & Gombault, S. (2004). Eigenconnections to intrusion detection. 19th IFIP International Information Security Conference (SEC2004), IEEE, 147, págs. 241–258. Toulouse, France. doi:10.1007/1-4020-8143-X_16 Bradley, P., & Fayyad, U. (1998). Refining initial points for K-Means clustering. Proc. 15th International Conf. on Machine Learning (págs. 91–99). San Francisco, CA: Morgan Kaufmann. Obtenido de citeseer.ist.psu.edu/bradley98refining.html Breiman, L., Friedman, J., Stone, C., & Olshen, R. (1984). Classification and Regression Trees (Wadsworth Statistics/Probability) (Vol. 1). Boca Raton London New York Washington, DC.: Chapman and Hall/CRC; Edición: New Ed (1 de enero de 1984). Brumlen, D., Wang, H., Newsome, J., & Song, D. (2006). Towards Automatic Generation of Vulnerability-based Signatures. IEEE Symposium, 1081-6011. Buenabad, J., & Coria, J. (Junio de 2004). Tolerancia a fallas para sistemas de detección de intrusos de red. Tesis de Maestría. CINVESTAV-IPN. California, U. O. (1999). The UCI KDD Archive. (University of California) Obtenido de http://kdd.ics.uci.edu/databases/kddcup99/task.htmlCalvo, R. F. (9 de Septiembre de 2000). ati. Obtenido de http://www.ati.es/novatica/glosario/glosario_internet.txt Cano, J., Herrera, F., & Lozano, M. (15 de May de 2005). Stratification for scaling up evolutionary prototype selection. Pattern Recognition Letters, 26(7), 953-963. doi:10.1016/j.patrec.2004.09.043 Carpenter, G., & Grossberg, S. (1988). The ART of Adaptive Pattern Recognition by a SelfOrganizing Neural Network. Computer, 21(3), 77-88. Chapman, D., & Zwicky, D. (1997). Construya Firewalls para Internet. Mexico: MacGraw-Hill. Chauhan, H., & Chauhan, A. (2013). Implementation of decision tree algorithm c4.5. International Journal of Scientific and Research Publications, 3(10). Cheng, S.-S., Fu, H.-C., & Wang, H.-M. (2009). Model-Based Clustering by Probabilistic SelfOrganizing Maps. IEEE TRANSACTIONS ON NEURAL NETWORKS, 20(5), 805-826. Chet, H., & Duren, M. (1998). Detecting Subtle System Changes Using Digital Signatures. Information Technology Conference, IEEE, 125-128. Choi, S.-S., Cha, S.-H., & Tappert, C. (2010). A survey of binary similarity and distance measures. Systemics, Cybernetics And Informatics, 8(1), 43-48. Comon, P. (1994). Independent component analysis, a new concept? Signal Process, 36(3), 287- 314. Computer Security Resource Center. (15 de Abril de 1980). Computer Security Threat Monitoring and Surveillance. Obtenido de http://csrc.nist.gov/publications/history/ande80.pdfComputerWire. (2002). DDoS Really, Really Tested UltraDNS. Informe técnico. Obtenido de http://www.theregister.co.uk/2002/12/14/ddos_attack_really_really_tested/ attack really really tested Cost, S., & Salzberg, S. (1993). A weighted nearest neighbor algorithm for learning with symbolic features. Machine Learning, 10, 57-78. Cover, T., & Hart, P. (1967). Nearest neighbor pattern classification. IEEE Transactions on Information Theory, 13(1), 21-27. Dain, O., & Cunningham, R. (2001). Fusing Heterogeneous Alert Streams into Scenarios (Vol. 6). Springer. doi:10.1007/978-1-4615-0953-0_5 Daniel, B. (01 de 04 de 2006). OSSEC. Obtenido de www.ossec.net Daniel, B., & Sushil, J. (2002). Applications of Data Mining in Computer Security (Vol. 6). Springer US. doi:10.1007/978-1-4615-0953-0 Dash, M., & Liu, H. (24 de January de 1997). Feature Selection for Classification. Intelligent Data Analysis, 1(1-4), 131-156. doi:10.1016/S1088-467X(97)00008-5 Davison, A., & Hinkley, D. (1997). Bootstrap methods and their application. Cambridge: Cambridge University Press. De la Hoz Franco, E., De la Hoz Correa, E., Ortiz Garcia, A., Ortega Lopera, J., & Martinez Alvarez, A. (2014). Feature selection by multi-objective optimisation: Application to network anomaly detection by hierarchical self-organising maps. Knowledge-Based Systems, 71, 332-338.De la Hoz, E., Ortiz, A., Ortega, J., & De la Hoz, E. (2013). Network Anomaly Classification by Support Vector Classifiers Ensemble and Non-Linear Projection Technique. HAIS - Hybrid Artificial Intelligent Systems. Salamanca, España. Debar, H., Dacier, M., & Wespi, A. (Julio-Agosto de 2000). A Revised Taxonomy for IntrusionDetection Systems. Springer, 55(7-8), 361-378. doi:10.1007/BF02994844 Dempster, A., Lair, N., & Rubin, D. (1977). Maximum likelihood from incomplete data via the EM algorithm. Journal of the Royal Statistical Society: Series B (Statistical Methodology), 39(1), 1-38. Denison, D., Mallick, B., & F.M. Smith, A. (1998). A Bayesian CART Algorithm. Biometrika, 85(2), 363-377. Devijver, P. (Abril de 1977). Reconnaissance des Formes par la Méthode des Plus Proches Voisins. Doctoral Dissertation. Paris, Italia: Univ. de París VI. Devijver, P., & Kittler, J. (1982). Pattern recognition : a statistical approach. New York, Englewood Cliffs, USA: Prentice/Hall International. Devyver, P. A., & Kittler, J. (1982). Pattern Recognition: A Statistical Approach. Michigan, USA: Prentice-Hall. Dittenbach, M., Merkel, D., & Rauber, A. (2000). The growing hierarchical self-organizing map. Proceedings of the international joint conference on neural networks, VI, 15-19. Doak, J. (1992). An evaluation of feature-selection methods and their application to computer security. Tech. rep., University of California, Department of Computer Science.Duda, R., Hart, P., & Stork, D. (1996). Pattern Classification and Scene Analysis: Part I Pattern Classification. En Pattern Classification and Scene Analysis. John Wiley & Sons. Duin, R. (2000). Classifiers in almost empty spaces. IEEE Explore. Duran, F. F., Martinez Sanchez, I., & Sanchez Meraz, M. (2015). Improving Informatics Security Using Quality Control Circles. PROCEEDINGS OF THE 22015 THIRTY FIFTH CENTRAL AMERICAN AND PANAMA CONVENTION, 1-5. Eckmann, S. (2001). http://citeseerx.ist.psu.edu/. Obtenido de http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.16.4366&rep=rep1&type=pdf Elemento, O. (1999). Apport de l’analyse en composantes principales pour l’initialisation et la validation de cartes de kohonen. Inria Nancy - Grand Est: INRIA. Eskin, E., Arnold, A., Prerau, M., Portnoy, L., & Stolfo, S. (2002). A geometric framework for unsupervised anomaly detection: detecting intru-sions in unlabeled data. Applications of Data Mining in Computer Security. Everett, D. (1992). Identity Verification and Biometrics. Boca Raton, FL, USA: CRC Press, Inc. Fanglu, G., Chen, J., & Chiueh, T. (2006). Spoof Detection for Preventing DoSv Attacks against DNS Servers|. En 26th IEEE International Conference, 37-47. Fano, U. (15 de Diciembre de 1961). Effects of Configuration Interaction on Intensities and Phase Shifts. Physical Review, 124(6), 1866-1878. Fawcett, T. (2006). An introduction to ROC analysis. (J. Elsevier, Ed.) Pattern Recogn Letters, 27(8), 861-874.Feldmeier, D., & Karn, P. (1989). UNIX Password Security - Ten Years Later. citeseer.ist.psu.edu/188968.html, 44-63. Obtenido de citeseer.ist.psu.edu/188968.html Fernandes, S., Kamienski, C., Kelner, J., Mariz, D., & Sadok, D. (9 de October de 2008). A stratified traffic sampling methodology for seeing the big picture. Computer Networks, 52(14), 2677-2689. doi:doi:10.1016/j.comnet.2008.05.011 Fix, E., & Hodges, J. (1951). Discriminatory analysis, nonparametric discrimination consistency properties. Technical Report 4, US Air Force, School of Aviation Medicine. Randolph Field, TX. Fix, E., & Hodges, J. (1951). Discriminatory analysis. Nonparametric estimation: Consistency properties. University of California, Berkeley. Randolph Field, Texas: University of California. Fix, E., & Hodges, J. (1952). Discriminatory analysis, nonparametric discrimination: small sample performance. Technical Report 11, US Air Force, School of Aviation Medicine, Randolph Field, TX. Fleuret, F. (5 de December de 2004). Fast binary feature selection with conditional mutual information. (I. Guyon, Ed.) Journal of Machine Learning Research, 1531–1555. Foithonga, S., Pinngernb, O., & At, B. (2012). Feature subset selection wrapper based on mutual information and rough sets. Expert Systems with Applications, 39(1), 574–584. doi:doi:10.1016/j.eswa.2011.07.048 Forgy, E. (1965). Cluster analysis of multivariate data: efficiency vs interpretability of classifications. Biom 21, 768-769.Friston, K., Ashburner, J., Kiebel, S., Nichols, T., & Penny, W. (2007). Statistical Parametric Mapping: The Analysis of Functional Brain Images. Elsevier. Fritzke, B. (1995). A growing neural gas network learns topologies. (G. Tesauro, D. Touretzky, & T. Leen, Edits.) Advances in Neural Information Processing Systems 7, 625-632. Fukunaga , K. (1990). Introduction to Statistical Pattern Recognition (2 ed.). (W. Rheinboldt, Ed.) New York, USA: Academic Press. Fyodor. (01 de 04 de 2015). Network Mapping Tool. Obtenido de http://www.insecure.org/nmap Geisser, S. (1993). Predictive inference: An Introduction. Minnesota: Chapman & Hall, Inc. doi:10.1007/978-1-4899-4467-2 Ghorbani, A., Lu, W., & Tavallae, M. (2009). Network Intrusion Detection and Prevention: Concepts and Techniques. Ghorbani, A., Lu, W., & Tavallaee, M. (2010). Evaluation Criteria. Network Intrusion Detection and Prevention. Concepts and Techniques. Advances in Information Security. Springer US, 161-183. Ghosh, J. (2002). Multiclassifier systems: Back to the future. MCS ’02: Proceedings of the Third International Workshop on Multiple Classifier Systems, 1-15. Girardin, L. (1999). An Eye on Network Intruder-Administrator Shootouts. Santa Clara, California, Estados Unidos de America. Gómez, J., Gil, C., Baños, R., López Márquez, A., Montoya, F., & Gil Montoya, M. (2013). A Pareto-based multi-objective evolutionary algorithm for automatic rule generation in network intrusion detection systems. Soft Computing, 17(2), 255-263Gong, F. (2003). Deciphering detection techniques: Part ii. Anomaly-based intrusion detection McAfee Network Security Technologies Group, White paper, 1, 1-10. Graf, H., Cosatto, E., Bottou, L., Durdanovic, I., & Vapnik, V. (2005). Parallel support vector machines: The Cascade svm. Advances in Neural Information Processing Systems, 521- 528. Guoliang, T., Kaiwang, N., & Ming, T. (15 de June de 2008). EM-type algorithms for computing restricted MLEs in multivariate normal distributions and multivariate t-distributions. Computational Statistics and Data Analysis, 52(10), 4768-4778. doi:DOI: 10.1016/j.csda.2008.03.022 Harrald, J., Schmitt, S., & Shrestha, S. (2004). The Effect of Computer Virus Occurrence and Virus Threat Lever on Antivirus Companies. Engineering Management Conference, IEEE, 780-784. Haykin, S. (1999). Neural networks (2 ed.). Prentice-Hall. He, J., Lan, M., Tan, C., Sung, S., & Low, H. (2004). Initialization of cluster refine-ment algorithms: A review and comparative study. Proceedings of International Joint Conference on Neural Networks (IJCNN). Heady, R., Luger, G., Maccabe, A., & Servilla, M. (1990). The Architecture of a Network Level Intrusion Detection System. Technical report, Department of Computer Science, University of New Mexico.Hellman, M. (1970). The Nearest Neighbor Classification Rule with a Reject Option. Systems Science and Cybernetics, IEEE Transactions on Systems, 6(3), 179 - 185. doi:10.1109/TSSC.1970.300339 Hellman, M., & Raviv, J. (Julio de 1970). Probability of Error, Equivocation, and the Chernoff Bound. IEEE Transactions On Information Theory, 16(4), 368-372. Heskes, T. (2001). Self-Organizing Maps, Vector Quantization, and Mixture Modeling. IEEE TRANSACTIONS ON NEURAL NETWORKS, 12(6), 1299 - 1305. doi:10.1109/72.963766 Hilera González, J., & Martínez Hernando, V. (2000). Redes neuronales artificiales: fundamentos modelos y aplicaciones. Madrid: Alfaomega Ra-Ma. Hopfield, J. (1982). Neural networks and physical systems with emergent collective computational abilities. Proceedingns of the National Academiy of Sciences, 79(8), 2554- 2558. Huerta, A. (01 de 04 de 2002). Seguridad en Unix y redes. Obtenido de https://www.rediris.es/cert/doc/unixsec/unixsec.pdf Inteco. (01 de 05 de 2015). Instituto Nacional de Tecnólogias de la Comunicación. Obtenido de https://www.incibe.es/ John, G., Kohavi, R., & Pfleger, K. (1994). Irrelevant features and the subset selection problem. En a. a. Journal version in AIJ (Ed.), International Conference on Machine Learnig (págs. 121-129). http://csxstatic.ist.psu.edu/about. Obtenido de http://citeseer.ist.psu.edu/john94irrelevant.htmlJuan, A., & Vidal, E. (2000). Comparison of Four Initialization Techniques for the K-Medians Clustering Algorithm. Proc. of Joint IAPR Int. Workshops SSPR 2000 and SPR 2000 of Lecture Notes in Computer Science, 1876, 842-852. Kalyanmoy, D. (2001). Multi-Objective Optimization Using Evolutionary Algorithms. NY, USA: Wiley. Kandeeban, S. S., & Rajesh, R. S. (2010). Integrated Intrusion Detection System Using Soft Computing. International Journal of Network Security, 87-92. Kaur, R., Kumar, G., & Kumar, K. (2015). A Comparative Study of Feature Selection Techniques for Intrusion Detection. 2nd International Conference on Computing for Sustainable Global Development (págs. 2120-2124). IEEExplore Digital Library. Kayacık, H., Zincir-Heywood, A., & Heywood, M. (2005). Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets. Proceedings of the 3rd Conference on Privacy, Security and Trust. Kayacik, H., Zincir-Heywood, A., & Heywood, M. (4 de Junio de 2007). A hierarchical SOMbased intrusion detection system. Engineering Applications of Artificial Intelligence, 20, 439–451. doi:10.1016/j.engappai.2006.09.005 Kendall, K. (1998). A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems. Massachusetts Institute of Technology Master´s thesis. Kendall, K. (1998). A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems. Massachusetts: Massachusetts Institute of Technology Master's ThesisKira, K., & Rendell, L. (1992). The feature selection problem: traditional methods and a new algorithm. Proceedings of the 2nd Workshop on Hot Topics in Networks (HotNets-II), AAAI Press, (págs. 129–134). Los Angeles, California, USA. Kohavi, R. (1995). A study of cross-validation and bootstrap for accuracy estimation and model selection. Proceedings of the Fourteenth International Joint Conference on Artificial Intelligence. 2 (12), págs. 1137-1143. San Francisco: Morgan Kaufmann, Montreal. Kohavi, R., & John, G. (1997). Wrappers for features subset selection. Artificial Intelligence - Special issue on relevance, 273-324. Kohl, J., Neuman, B., & Ts’o, T. (1994). The Evolution of the Kerberos Authentication Services. IEEE Computer Society Press, 79-94. Kohonen, T. (1982). Self-organized formation of topologically correct feature maps. Biological Cybernetics, 43(1), 59-69|. Kohonen, T. (1990). The Self-Organizing Map. Proceedings of the IEEE, 78(9), 1464-1480. Kohonen, T. (2001). Self-Organizing Maps (3 ed., Vol. 30). Springer-Verlag Berlin Heidelberg. doi:10.1007/978-3-642-56927-2 Kohonen, T. (2001). Self-Organizing Maps. Springer. Kotzanikolaou, P., & Douligeris, C. (2007). Computer Network Security: Basic Background and Current Issues. En P. Kotzanikolaou, & C. Douligeris, Network Security:Current Status and Future Directions (págs. 1-12). Wiley-IEEE Press. Kreibich, C., & Crowcroft, J. (2003). Honeycomb-creating intrusion detection signatures using honeypots. Proceedings of the 2nd Workshop on Hot Topics in Networks (HotNets-II).Kumar, S., & Spafford, E. (1995). A Software Architecture to Support Misuse Intrusion Detection. Proceedings of the 18th National Information Security Conference. Lakshmanan, V., Fritz, A., Smith, T., Hondl, K., & Stumpf, G. (2007). An automated technique to quality control radar reflectivity data. Journal of applied meteorology and climatology, 46(3), 288-305. Lazarevic, A., Kumar, V., & Srivast, J. (2005). Intrusion Detection: A Survey (Vol. 5). US: Springer US. doi:10.1007/0-387-24230-9_2 Lazarevic, A., Kumar, V., & Srivastava, J. (2005). Intrusion Detection: A survey. En V. Kumar, J. Srivastava, & A. Lazarevic, Managing Cyber Threats (págs. 19-78). Minnesota, United States of America: Springer. Levin, I. (2000). KDD-99 classifier learning contest, LLSoft´s results overview. SIGKDD Explorations, 1(2), 67-75. Lidong, Z., & Haas, Z. (2002). Securing ad hoc networks. (IEEE, Ed.) Network, IEEE, 13(6), 24- 30. doi:10.1109/65.806983 Liu, Y. (14-16 de September de 2004). A hybrid neural network learning system. Computer and Information Technology, 2004. CIT '04, 1016 - 1021. doi:10.1109/CIT.2004.1357329 LL-MIT. (2014). Publications. Recuperado el 26 de June de 2015, de Lincoln Laboratory of Massachusetts Institute TecnologyLincoln Laboratory of Massachusetts Institute Tecnology: http://www.ll.mit.edu/publications/index.html López, M., Ramírez, J., Górriz, J., Álvarez, I., Salas González, D., Segovia, F., . . . Gómez Río, M. (8 de March de 2011). Principal component analysis-based techniques and supervised classification schemes for the early detection of Alzheimer's disease. Neurocomputing, 74(8), 1260-1271. Lotlikar, R., & Kothari, R. (1999). Multilayer perceptron based dimensionality reduction. Neural Networks, IJCNN '99. International Joint Conference, 3, 1691 - 1695. doi:10.1109/IJCNN.1999.832629 Lunt, T. (1990). IDES: an intelligent system for detecting intruders. Computer Security, Threat and Countermeasures. Rome. Lunt, T., & Jagannathan, R. (1988). A Prototype Real-Time Intrusion-Detection Expert System. Security and Privacy, IEEE Symposium, (págs. 1-59). Luttrell, S. (1989). Hierarchical self-organising networks. Artificial Neural Networks, 1989., First IEE International Conference on (Conf. Publ. No. 313), 2-6. M. Borghi, M., Maggiolino, M., L. Montagnani, M., & Nuccio, M. (2012). Determinants in the online distribution of digital content: an exploratory analysis. European Journal for Law and Technology, 3(2). MacQueen, J. (1967). Some methods for classification and analysis of multivariate observations. (L. N. Cam, Ed.) Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, 1, 281–297. Maxion, R., & Roberts, R. (2004). Proper Use of ROC Curves in Intrusion/Anomaly Detection. Technical Report CS-TR-871, Uni-versity of Newcastle upon Tyne, School of Computing Science.Mbareen, S., Vaughn, R., & Bridges, S. (2004). Intrusion Sensor Data Fusion in an Intelligent Intrusion Detection System Architecture. Proceedings of the 37th Annual Hawaii International Conference, (pág. 10). Mu-Chun SU, T., & Chang, H. (2002). Improving the self-organizing feature map algorithm using an efficient initialization scheme. Tamkang Journal of Science and Engineering, 5, 35-48. Muller, K.-R., Smola, A., Ratsch, G., Scholkopf, J., & Vapnik, V. (s.f.). Using support vector machines for time series prediction. Naiqi, W., Qian, Y., & Chen, G. (2006). A Novel Approach to Trojan Horse Detection by Process Tracing. Proceedings of the 2006 IEEE International Conference, 721-726. Navidi, W. (2014). Statistics for Engineers and Scientists 4th Edition. McGraw-Hill Education. NIST. (01 de 04 de 2015). National Institute of Standards and Technology. Obtenido de http://www.nist.gov/ Noel, S., Wijesekera, D., & Youman, C. (2002). Modern intrusion detection, data mining, and degrees of attack guilt. Center for Secure Information Systems. George Mason University. Obtenido de Securing the World's Cyber Infrastructure: http://csis.gmu.edu/noel/pubs/IDS_chapter.pdf Northcutt, S., Winters, S., Kent, K., & Ritchey, R. (2005). Inside Network Perimeter Security: An Analyst Handbook (Second Edition ed.). NSL-KDD. (s.f.). Obtenido de http://www.iscx.ca/NSL-KDD/Ocsa, A., Bedregal, C., & Cuadros-Vargas, E. (12-17 Aug. de 2007). DB-GNG: A constructive self-organizing map based on density. Proceedings of the International Joint Conference on Neural Networks (IJCNN07), 1953-1958. doi:10.1109/IJCNN.2007.4371257 Odgaard, P., & Wickerhauser, M. (9-13 de July de 2007). Karhunen-Loeve (PCA) based detection of multiple oscillations in multiple measurement signals from large-scale process plants. American Control Conference, 5893 - 5898. doi:10.1109/ACC.2007.4282149 Olovsson, T. (1992). A Structured Approach to Computer Security. Chalmers University of Technology. Ortiz, A., Ortega, J., Díaz, A., & Prieto, A. (2011). Network Intrusion Prevention by Using Hierarchical Self-Organizing Maps and Probability-Based Labeling. En S. B. Heidelberg (Ed.), Advances in Computational Intelligence. 11th International Work-Conference on Artificial Neural Networks, IWANN (págs. 232-239). Torremolinos-Málaga, Spain: Lecture Notes in Computer Science. Pai, P.-F., & Hong, W.-C. (2005). Support vector machines with simulated annealing algorithms in electricity load forecasting. Energy Conversion and Management, 46(17), 2669-2688. Panda, M., Abraham, A., & Patra, M. (2010). Discriminative multinomial naïve Bayes for network intrusion detection. En IEEE (Ed.), 6th Conference on Information Assurance and Security (IAS), (págs. 5-10). Pena, J., Lozano, J., & Larranaga, P. (1999). An empirical comparison of four ini-tialization methods for the k-means algorithm. Pattern Recogn, 20, 1027-1040.Pfahringer, B. (2000). Winning the FDD99 classification cup: bagged-boosting. SIGKDD Explorations, 1(2), 65-66. Powell, D., & Stroud, R. (2001). Conceptual Model and Architecture, Deliverable D2, Project MAFTIA IST-1999-11583. Zurich: IBM Zurich Research Laboratory Research Report RZ 3377. RAE. (01 de 04 de 2015). Real Academia Española. Obtenido de http://lema.rae.es/drae/?val=seguridad RAE. (01 de 04 de 2015). Real Academia Española. Obtenido de http://lema.rae.es/drae/?val=seguro RAE. (01 de 04 de 2015). Real Academia Española. Obtenido de http://lema.rae.es/drae/?val=informat%C3%ADca RAE. (01 de 04 de 2015). Real Academia Española. Obtenido de http://lema.rae.es/drae/?val=anomal%C3%ADa Raudys, S., & Jain, A. (Marzo de 1992). Small sample size efects in statistical pattern recognition: recommendations for practitioners. IEEE Transactions on Pattern Analysis and Machine Intelligence, 13(3), 252-264. Reeves, C., & Singh Billan, G. (2001). Using Decision Surface Mapping in the Automatic Recognition of Images. En Artificial Neural Nets and Genetic Algorithms (págs. 82-85). Springer Vienna. doi:10.1007/978-3-7091-6230-9_19 Refaeilzadeh, P., Tang, L., & Lui, H. (6 de Noviembre de 2008). k-fold Cross-Validation. Arizona State UniversityRichards, J., & Jia, X. (2006). Remote Sensing Digital Image Processing: An Introduction (4th Edition ed.). Berlin Heidelberg, Germany: Springer-Verlag. Obtenido de springeronline.com Riveiro, M., Johansson, F., Falkman, G., & Ziemke, T. (2008). Supporting maritime situation awareness using self organizing maps and Gaussian mixture models. Proceedings of the 2008 Conference on 10th Scandinavian Conference on Artificial Intelligence (SCAI 2008), 1, págs. 84-91. Roesch, M. (7-12 de November de 1999). Snort-Lightweight Intrusion Detection for Networks. Proceedings of LISA '99: 13th Systems Administration Conference, 229-238. Roesch, M. (2005). Lightweight Intrusion Detection for Networks. Obtenido de www.snort.org Rubio, G., Guillen, A., Herrera, L., Pomares, H., & Rojas, I. (2008). Use of specific-to-problem kernel functions for time series modeling. ESTSP'08: Proceedings of the European Symposium on Time Series Prediction, 177-186. Rusell, D., & Gangemi, G. (1991). Computer Security Basics. California: O‟Reilly & Associates, Inc., Sebastopol. Saâdaoui, F. (2010). Acceleration of the EM algorithm via extrapolation methods: Review, comparison and new methods. Computational Statistics & Data Analysis, 54(3), 750-766. Sadkhan, S. (2009). On artificial intelligence approaches for network intrusion detection systems. MASAUM Journal of Computing, 236-243. Samad, T., & Harp, S. (1992). Self-Organization with Partial Data. Network, 205-212.Sandeep, K. (1995). Classification and Detection of Computer Intrusions. citeseer.ist.psu.edu/kumar95classification.html. Obtenido de Purdue University. SANS. (2015). SANS. Obtenido de http://www.sans.org/security-resources/idfaq/ Sapkal, S., Kakarwal, S., & Revankar, P. (13-15 de December de 2007). Analysis of Classification by Supervised and Unsupervised Learning. Conference on Computational Intelligence and Multimedia Applications, 1, 280 - 284. doi:10.1109/ICCIMA.2007.237 Scholkopf, B., & Smola, A. (2001). Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond. Cambridge, MA, USA: MIT Press. Schott, J. (Diciembre de 1998). Estimating correlation matrices that have common eigenvectors. Computational Statistics & Data Analysis(27), 445-459. Schwartz, S., & Carpenter, K. (August de 1999). The right answer for the wrong question: consequences of type III error for public health research. Am J Public Health, 89(8), 1175–1180. doi:10.1007/978-1-4899-4467-2 Schweitzer, F. (1997). Self-Organization of Complex Structures: from individual to collective dynamics. Berlin: CRC Press. Security, I. f. (01 de 04 de 2015). Institute for Internet Security. Obtenido de http://www.internet-sicherheit.de/en/research/recent-projects/internet-early-warningsystems/internet-analysis-system/recent-results/ Smith, L. (2002). Tutorial on Principal Components Analysis. Spafford, E. (1989). Crisis and Aftermath. Communications of the ACM, 678-687. SRI. (s.f.). SRI International. Obtenido de http://www.sri.com/Strehl, A., & Ghosh, J. (2002). Cluster ensembles – a knowledge reuse framework for combining partitionings. Proceedings of AAAI2002, 93-98. Tasdemir, K., Milenov, P., & Tapsall, B. (March de 2011). Topology-based hierarchical clustering of self-organizing maps. IEEE Trans Neural Netw, 22(3), 474-485. doi:10.1109/TNN.2011.2107527. Tatsuoka, M. (Junio de 1974). Multivariante Analysis: Techniques for Educational and Psychological Research. 39(2), 269-274. Tavallaee, M., Stakhanova, N., & Ghorbani, A. (2010). Toward credible evaluation of anomalybased intrusion-detection methods. IEEE Transactions On Systems, Man, And Cybernetics—Part C: Applications And Reviews, 516-524. doi:10.1109/TSMCC.2010.2048428 Tay. (2001). Application of support vector machines in financial time series forecasting. Omega: The International Journal of Management Science, 29(4), 309-317. Theodoridis, S., & Koutroumbas, K. (2009). Pattern Recognition. Burlington , USA: Academic Press - Elsevier . Theodoridis, S., & Koutroumbas, K. (2009). Pattern Recognition, 4th Edition. Elsevier Inc. Tipton, H., & Krause, M. (2006). Information Security Management Handbook (Vol. 5). Auerbach Publications. Turk, M., & Pentland, A. (3-6 Jun 1991). Face recognition using eigenfaces. Computer Vision and Pattern Recognition, 1991. Proceedings CVPR '91., IEEE Computer Society Conference on, (págs. 586 - 591). doi:10.1109/CVPR.1991.139758University of California. (28 de October de 1999). (Information and Computer Science, University of California. Irvine, CA 92697-3425.) Obtenido de http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html University of California. (28 de October de 1999). KDD Cup 1999 Data. (Irvine) Recuperado el 15 de Agost de 2015, de The UCI KDD Archive: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html Vapnik, V. (1998). Statistical Learning Theory. New York: John Wiley and Sons, Inc. Vesanto, J., Himberg, J., Alhoniemi, E., & Parhankangas, J. (2000). SOM toolbox. Helsinki University of Technology. Finland: Helsinki University of Technology. Vesanto, J., Himberg, J., Alhoniemi, E., & Parhankangas, J. (April de 2000). SOM Toolbox for Matlab 5. Report A57, Laboratory of Computer and Information Science (CIS). Recuperado el 2016, de http://www.cis.hut.fi/projects/somtoolbox/ VIM, W. G.—B. (2008). Bureau International des Poids et Mesures. Recuperado el 26 de Junio de 2015, de Common Documents: http://www.bipm.org/utils/common/documents/jcgm/JCGM_200_2008.pdf Wang Ko, C. C. (1996). Execution Monitoring of Security Critical Programs in a Distributed System: A Specification-Based Approach. Dissertation Doctor of Philosophy. Wang, H., & Hu, Z. (22 de October de 2009). On EM Estimation for Mixture of Multivariate tDistributions. Neural Processing Letters, 243-256. doi:10.1007/s11063-009-9121-5Wenli, L., Xiaolong , Z., Tao, W., & Hiu, W. (2014). Collaboration Pattern and Topic Analysis on Intelligence and Security Informatics Research. INTELLIGENCE AND SECURITY INFORMATICS, 39-45. Wu, S. X., & Banzhaf, W. (2010). The use of computational intelligence in intrusion detection systems: A review. Applied Soft Computing, 1-35. Wu, S., & Banzhaf, W. (2010). The use of computational intelligence in intrusion detection systems: A review. Applied Soft Computing, 1-35. Wu, W., Massart, D., & Jong, S. (1997). The kernel pca algorithms for wide data part i: Theory and algorithms. Chemometrics and Intelligent Laboratory Systems, 36(2), 165-172. Ylonen, T. (1996). SSH - Secure Login Connections over the Internet. En Proceedings of the 6th Security Symposium) (USENIX Association: Berkeley, CA). Zargari, S., & Voorhis, D. (2012). Feature Selection in the Corrected KDD-dataset. EIDWT '12 Proceedings of the 3rd International Conference on Emerging Intelligent Data and Web Technologies, (págs. 174-180). Zhang, D.-Q., & Chen, S.-C. (2003). Clustering incomplete data using kernel-based fuzzy cmeans algorithm. Neural Process, 18(3), 155-162. Ziolko, S., Weissfeld, L., Klunk, W., Mathis, C., Hoge, J., Lopresti, B., . . . Price, J. (2006). Evaluation of voxel-based methods for the statistical analysis of PIB PET amyloid imaging studies in Alzheimer's disease. NeuroImage, 33(1), 94-102. Zseby, T. (2003). Stratification Strategies for Sampling-based Non-intrusive Measurement of One-way Delay. Proceedings of Passive and Active Measurement Workshop, 171-179.Lippmann, R., Haines, J., Fried, D., Korba, J. and Das, K. (2000). The 1999 DARPA off-line intrusion detection evaluation. Computer Networks, 34(4), pp.579-595
dc.rightsAtribución – No comercial – Compartir igual
dc.rightsinfo:eu-repo/semantics/openAccess
dc.rightshttp://purl.org/coar/access_right/c_abf2
dc.subjectSelección de características
dc.subjectIDS basados en anomalías
dc.subjectTasas de detección
dc.subjectTécnicas de clasificación
dc.titleEstudio comparativo de metodologías de selección de características en sistemas de detección de intrusos (Ids), basado en anomalías de red
dc.typeTrabajo de grado - Pregrado
dc.typehttp://purl.org/coar/resource_type/c_7a1f
dc.typeText
dc.typeinfo:eu-repo/semantics/bachelorThesis
dc.typeinfo:eu-repo/semantics/publishedVersion
dc.typehttp://purl.org/redcol/resource_type/TP
dc.typeinfo:eu-repo/semantics/acceptedVersion
dc.typehttp://purl.org/coar/version/c_ab4af688f83e57aa


Este ítem pertenece a la siguiente institución