@inproceedings{08da05613b654ca8b595597a5d1ccc05,
title = "A new method of data preprocessing and anomaly detection",
abstract = "Data preprocessing including feature extraction is the first significant step in anomaly detection where normal profiles needed to be constructed. The paper defined a sort of traffic flows to be the atomy event unit of preprocessing, making the data preprocessing module more efficient and robust Based on TCP Flows, the paper introduces a novel methodology to analysis the feature attributes of network traffic flow with some new techniques, including a novel quantization model of TCP states. Integrating with data preprocessing, we construct an anomaly detection algorithm with SOFM and applied the detection frame to DARPA Intrusion Detection Evaluation Data. We train SOFM to exploit the normal profile distributions of network traffic. And then the test data with attack-instances embedded is utilized. It is shown that the network attacks are detected with more efficiency and relatively low false alarms.",
keywords = "Anomaly detection, Data preprocessing, Self-Organizing Feature Map, TCP Flow",
author = "Jun Zheng and Hu, \{Ming Zeng\} and Zhang, \{Hong Li\}",
year = "2004",
language = "英语",
isbn = "0780384032",
series = "Proceedings of 2004 International Conference on Machine Learning and Cybernetics",
pages = "2685--2690",
booktitle = "Proceedings of 2004 International Conference on Machine Learning and Cybernetics",
note = "Proceedings of 2004 International Conference on Machine Learning and Cybernetics ; Conference date: 26-08-2004 Through 29-08-2004",
}