Accurate anomaly detection through parallelism

Shanbhag, Shashank; Wolf, Tilman

doi:10.1109/mnet.2009.4804320

Cited by 38 publications

(11 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…False positive (FP) and false negative (FN) are two indicators to assess the degree of accuracy. The former occurs when IDS incorrectly identifies benign activity as being malicious, whereas the latter comes about if IDS fails to identify malicious activity (Stavroulakis and Stamp, 2010;Elshousha and Osmanb, 2011;Shanbhag and Wolf, 2009;Ho et al, 2012). Under the circumstances of failing to have the best of both worlds, many security administrators prefer decreasing FNs to increasing FPs due to the high security consideration.…”

Section: Technology Typesmentioning

confidence: 99%

Intrusion detection system: A comprehensive review

Liao

Lin

et al. 2013

Journal of Network and Computer Applications

1,218

547

View full text Add to dashboard Cite

Section: Technology Typesmentioning

confidence: 99%

Intrusion detection system: A comprehensive review

Liao

Lin

et al. 2013

Journal of Network and Computer Applications

1,218

547

View full text Add to dashboard Cite

“…To mitigate this variation, we employ an ensemble anomaly detection method [8] that exploits the multiple baseline models trained using multiple sets of labeled-and-sampled/sampled-andlabeled data. A similar idea proposed in [25][26][27] exploits multiple existing anomaly detection systems in parallel. Since the multiple sets of labeled-andsampled/sampled-and-labeled data would have information about different features of the normal behavior of network traffic, the ensemble of the multiple baseline models trained using these heterogeneous data improves performance in anomaly detection more effectively than using a single baseline model.…”

Section: Ensemble Anomaly Detection Using Multiple Baseline Modelsmentioning

confidence: 99%

Human error tolerant anomaly detection based on time-periodic packet sampling

Uchida

2016

Knowledge-Based Systems

View full text Add to dashboard Cite

“…A number of these approaches are variations of the change detection method, e.g., adaptive threshold [12], cumulative sum [13], wavelets [14], and maximum entropy [15]. In addition, an approach exploiting multiple existing anomaly detection algorithms in parallel has been used to increase the accuracy of anomaly detection [16].…”

Section: Related Work a Intrusion Detectionmentioning

confidence: 99%

“…Therefore, to mitigate the performance variation, we also devised an unsupervised ensemble anomaly detection method that exploits multiple baseline distributions trained using multiple sets of sampled data. A similar idea is proposed in [16], which exploits multiple existing anomaly detection systems in parallel. Our method does simultaneous time-periodical packet samplings.…”

Section: B Ensemble Anomaly Detection Using Multiple Baseline Modelsmentioning

confidence: 99%

Unsupervised Ensemble Anomaly Detection through Time-Periodical Packet Sampling

Nawata

Uchida

Gu³

et al. 2010

2010 INFOCOM IEEE Conference on Computer Communications Workshops

View full text Add to dashboard Cite

We propose an anomaly detection method that trains a baseline model describing the normal behavior of network traffic without using manually labeled traffic data. The trained baseline model is used as the basis for comparison with the audit network traffic. The proposed method can be carried out in an unsupervised manner through the use of time-periodical packet sampling for a different purpose from which it was intended. That is, we take advantage of the lossy nature of packet sampling for the purpose of extracting normal packets from the unlabeled original traffic data. By using real traffic traces, we show that the proposed method is comparable in terms of false positive and false negative rates on detecting anomalies regarding TCP SYN packets to the conventional method that requires manually labeled traffic data to train the baseline model. In addition, in order to mitigate the possible performance variation due to probabilistic nature of sampled traffic data, we devise an ensemble anomaly detection method that exploits multiple baseline models in parallel. Experimental results show that the proposed ensemble anomaly detection performs well and is not affected by the variability of time-periodical packet sampling.

show abstract

Accurate anomaly detection through parallelism

Cited by 38 publications

References 14 publications

Intrusion detection system: A comprehensive review

Intrusion detection system: A comprehensive review

Human error tolerant anomaly detection based on time-periodic packet sampling

Unsupervised Ensemble Anomaly Detection through Time-Periodical Packet Sampling

Contact Info

Product

Resources

About