"MINOS: Unsupervised Detection and Timing Analysis of Attacks in Large Networks"

The task of monitoring malicious activities in large-scale networks has become increasingly challenging. The sheer volume and heterogeneity of network traffic hinder both the manual definition of IDS signatures and deep packet inspection. In this thesis, the author presents MINOS, a novel, completely unsupervised method that generates an anomaly score for each host, enabling high-precision classification of hosts as infected (generating malicious activity), attacked (under attack), or clean (no infection). The hourly scores it generates can pinpoint the time range during which a host was infected or attacked, without any prior knowledge. MINOS automatically builds a personalized traffic-behavior model for each host and requires no prior knowledge of existing or unknown attacks. Experimental evaluation on real data from large academic networks, spanning more than a year, shows that MINOS achieves very high accuracy even when analysing just two weeks of data. The author also demonstrates that MINOS is more effective and faster than state-of-the-art unsupervised anomaly detection methods for traffic data.

The thesis "MINOS: Unsupervised Netflow-Based Detection of Infected and Attacked Hosts, and Attack Time in Large Networks" by Mousume Bhowmick, submitted for the degree of Master of Science in Computer Science at Boise State University in August 2019, presents a significant contribution to the field of network security, offering a promising approach to the challenges of monitoring and detecting malicious activities in large-scale networks.
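The per-host, direction-aware hourly scoring the abstract describes, as an added illustration that is not the thesis's code: it scores each hour against the host's own baseline with a simple z-score (an assumed stand-in for MINOS's scoring), and the hour windows, threshold, classification rule and flow records are all constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

TRAIN_HOURS = range(0, 24)   # assumed baseline window: one day of normal traffic
SCORE_HOURS = range(24, 48)  # assumed window to be scored against that baseline
THRESHOLD = 3.0              # z-score above which an hour is flagged (assumed)
MIN_SIGMA = 1.0              # floor so a perfectly flat baseline does not divide by zero

def hourly_counts(records):
    """Aggregate (hour, src, dst, flows) records into per-host, per-direction hourly counts."""
    counts = defaultdict(lambda: {"out": defaultdict(int), "in": defaultdict(int)})
    for hour, src, dst, flows in records:
        counts[src]["out"][hour] += flows  # traffic the host generated
        counts[dst]["in"][hour] += flows   # traffic the host received
    return counts

def anomalous_hours(series, threshold=THRESHOLD):
    """Hours in the scoring window that exceed the host's own baseline by > threshold sigmas."""
    train = [series.get(h, 0) for h in TRAIN_HOURS]
    mu, sigma = mean(train), max(pstdev(train), MIN_SIGMA)
    return [h for h in SCORE_HOURS if (series.get(h, 0) - mu) / sigma > threshold]

def classify_hosts(records, monitored):
    """Label each monitored host infected / attacked / clean with the anomalous hour range."""
    counts, result = hourly_counts(records), {}
    for host in monitored:
        out_hours = anomalous_hours(counts[host]["out"])
        in_hours = anomalous_hours(counts[host]["in"])
        if out_hours:      # host itself generates unusual traffic -> infected (assumed rule)
            label, hours = "infected", out_hours
        elif in_hours:     # host only receives unusual traffic -> attacked
            label, hours = "attacked", in_hours
        else:
            label, hours = "clean", []
        result[host] = (label, (min(hours), max(hours)) if hours else None)
    return result

def constructed_records():
    """Constructed sample records (hour, src, dst, flows); not real NetFlow data."""
    recs = []
    for h in range(48):  # steady background traffic with a little hourly variation
        base = 10 + h % 3
        recs += [(h, "ws1", "ext", base), (h, "ws2", "ext", base), (h, "ext", "srv1", base)]
    recs += [(h, "ws1", "ext", 400) for h in range(30, 34)]  # ws1 suddenly generates a burst
    recs += [(h, "ext", "srv1", 300) for h in range(40, 42)]  # srv1 receives a burst
    return recs

if __name__ == "__main__":
    for host, verdict in classify_hosts(constructed_records(), ["ws1", "srv1", "ws2"]).items():
        print(host, verdict)
```

Only the hosts passed as `monitored` are labelled, so the external peer that both bursts touch is not itself classified.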