For studying intrusion detection data we consider data points referring to individual IP addresses and their connections: we build networks associated with those data points, such that vertices in a graph are associated via the respective IP addresses, with the key property that attacked data points are part of the structure of the network. More precisely, we propose a novel approach using simplicial complexes to model the desired network and the respective intrusions in terms of simplicial attributes, thus generalizing previous graph-based approaches. Adapted network centrality measures for simplicial complexes yield so-called patterns associated with vertices, each of which consists of a set of features. These are then used to describe the attacked vertices or the attacker vertices, respectively. Comparing this new strategy with classical concepts demonstrates the advantages of the presented approach, which uses simplicial features to detect and characterize intrusions.
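As an added illustration of the idea (not code from the paper), the following builds a simplicial complex from a constructed set of IP connection records and derives a per-vertex "pattern" from simplicial degree counts. The complex construction (clique/flag complex), the connection sample and the choice of simplicial degree as the centrality measure are assumptions; the abstract does not fix them. The entry for dimension 1 recovers the ordinary graph degree, which shows how the simplicial features extend the graph-based ones.

```python
from itertools import combinations

# Constructed sample of bidirectional connection records (src_ip, dst_ip);
# not data from the paper.
SAMPLE_CONNECTIONS = [
    ("10.0.0.1", "10.0.0.2"), ("10.0.0.2", "10.0.0.3"), ("10.0.0.1", "10.0.0.3"),
    ("10.0.0.3", "10.0.0.4"), ("10.0.0.4", "10.0.0.5"), ("10.0.0.5", "10.0.0.3"),
    ("10.0.0.4", "10.0.0.1"), ("10.0.0.6", "10.0.0.1"),
]

def build_graph(connections):
    """Undirected adjacency map keyed by IP address (self-connections ignored)."""
    adj = {}
    for a, b in connections:
        if a == b:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def clique_complex(adj, max_dim=3):
    """Flag complex (assumed construction): every (k+1)-clique of mutually
    connected IPs becomes a k-simplex, stored as a sorted tuple of vertices."""
    simplices = {0: {(v,) for v in adj}}
    for k in range(1, max_dim + 1):
        simplices[k] = set()
        for s in simplices[k - 1]:
            # extend s by a vertex adjacent to all of s; ordering avoids duplicates
            common = set.intersection(*(adj[v] for v in s))
            for u in common:
                if u > s[-1]:
                    simplices[k].add(s + (u,))
        if not simplices[k]:
            del simplices[k]
            break
    return simplices

def simplicial_patterns(simplices):
    """Pattern of a vertex: number of k-simplices containing it, for k = 0..max.
    Entry k=1 is the classical graph degree; higher entries add simplicial features
    that can separate vertices the graph degree alone cannot."""
    max_k = max(simplices)
    patterns = {s[0]: [0] * (max_k + 1) for s in simplices[0]}
    for k, ss in simplices.items():
        for s in ss:
            for v in s:
                patterns[v][k] += 1
    return patterns

if __name__ == "__main__":
    for ip, pat in sorted(simplicial_patterns(clique_complex(build_graph(SAMPLE_CONNECTIONS))).items()):
        print(ip, pat)
```

In the sample, 10.0.0.1 and 10.0.0.3 share graph degree 4 but differ in the number of triangles they belong to (2 versus 3), so the simplicial pattern distinguishes them where the classical measure does not.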