Learning rules for anomaly detection of hostile network traffic

Mahoney, Matthew V.; Chan, Philip K.

doi:10.1109/icdm.2003.1250987

Cited by 153 publications

(77 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Just the same as Mahoney et al, We refer to them as NETAD-C and LERAD-C respectively. Therefore, we compare the performance of LERAD-GP with that of the other two algorithms, which are tested in both modified DARPA 1999 and the mixed dataset in [4]. The results are as follows.…”

Section: Experiments and Resultsmentioning

confidence: 99%

“…LERAD-GP is a variation of LERAD, which has been presented by Mahoney et al to find the relation of the attributes in network connections [4]. In the process of experimenting, we found that LERAD-GP outperforms LERAD in detecting attacks from modified data set, in which the simulation artifacts had been removed.…”

Section: Introductionmentioning

confidence: 91%

“…As with PHAD, the anomaly score is relevant to the time since the last event. LERAD (LEarning Rules for Anomaly Detection) [4] is a system that learns rules for finding rare events in nominal timeseries data with long range dependencies. It constitutes an improvement of the two previous methods by using a rule learning algorithm.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Applying Genetic Programming to Evolve Learned Rules for Network Anomaly Detection

Chao

Tian

Huang

et al. 2005

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The DARPA/MIT Lincoln Laboratory off-line intrusion detection evaluation data set is the most widely used public benchmark for testing intrusion detection systems. But the presence of simulation artifacts attributes would cause many attacks in this dataset to be easily detected. In order to eliminate their influence on intrusion detection, we simply omit these attributes in the processes of both training and testing. We also present a GP-based rule learning approach for detecting attacks on network. GP is used to evolve new rules from the initial learned rules through genetic operations. Our results show that GP-based rule learning approach outperforms the original rule learning algorithm, detecting 84 of 148 attacks at 100 false alarms despite the absence of several simulation artifacts attributes.

show abstract

Section: Experiments and Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 91%

See 1 more Smart Citation

Applying Genetic Programming to Evolve Learned Rules for Network Anomaly Detection

Chao

Tian

Huang

et al. 2005

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…LERAD [13] used different approaches to tackle different types of data entries. A framework is discovered that uses both normal and anomalous data to find out characteristic features of anomalies on the basis of which anomalies can be removed.…”

Section: I) Statistical Anomaly Detectionmentioning

confidence: 99%

Black Box Anomaly Detection in Multi-Cloud Environment

Ahirwar¹,

Ahirwar²,

Chourasia³

2016

IJCA

View full text Add to dashboard Cite

Automatic identification of anomalies for performance diagnosis in the cloud computing is a fundamental and challenging issue. TPA is interested to identifies these anomalies and remove them so that the performance of the cloud systems increased. In this paper we are proposing an Automatic Black Box Anomaly Detector which can find anomalies automatically with minimum human intervention. Using this detector we can find old and even new anomalies created in the cloud computing systems even if we don't have knowledge of source code (i.e. black box testing). Automatic black box anomaly detection is a two step process in which first of all data from different sources is collected and transform it into a common form that is act as input for black box anomaly detector and secondly anomaly detection is performed. General TermsAnomaly detection in cloud computing. KeywordsBlack box anomaly detector, cloud service provider, performance diagnosis, cloud systems.

show abstract

“…Rule Based Mahoney and Chan (2003) present an algorithm for learning rules of normal behavior by mining network data to find precedent consequent pairs of general rules from randomly selected samples. Another approach presented by (Gomez and Dasgupta, 2002) (1) uses genetic algorithms for deriving fuzzy rules for classifying normal and abnormal behavior in networks.…”

Section: Network Security Incidents or Intrusions Reported By Computementioning

confidence: 99%

Multi Scale Time Series Prediction for Intrusion Detection

Palanivel¹

2014

American Journal of Applied Sciences

View full text Add to dashboard Cite

We propose an anomaly-based network intrusion detection system, which analyzes traffic features to detect anomalies. The proposed system can be used both in online as well as off-line mode for detecting deviations from the expected behavior. Although our approach uses network packet or flow data, it is general enough to be adaptable for use with any other network variable, which may be used as a signal for anomaly detection. It differs from most existing approaches in its use of wavelet transform for generating different time scales for a signal and using these scales as an input to a two-stage neural network predictor. The predictor predicts the expected signal value and labels considerable deviations from this value as anomalies. The primary contribution of our work would be to empirically evaluate the effectiveness of multi resolution analysis as an input to neural network prediction engine specifically for the purpose of intrusion detection. The role of Intrusion Detection Systems (IDSs), as special-purpose devices to detect anomalies and attacks in a network, is becoming more important. First, anomaly-based methods cannot achieve an outstanding performance without a comprehensive labeled and up-to-date training set with all different attack types, which is very costly and time-consuming to create if not impossible. Second, efficient and effective fusion of several detection technologies becomes a big challenge for building an operational hybrid intrusion detection system.

show abstract

Learning rules for anomaly detection of hostile network traffic

Abstract: We

Cited by 153 publications

References 7 publications

Applying Genetic Programming to Evolve Learned Rules for Network Anomaly Detection

Applying Genetic Programming to Evolve Learned Rules for Network Anomaly Detection

Black Box Anomaly Detection in Multi-Cloud Environment

Multi Scale Time Series Prediction for Intrusion Detection

Contact Info

Product

Resources

About