Journal ArticleDOI

Anomaly-based network intrusion detection: Techniques, systems and challenges

TLDR
The main challenges to be addressed for the wide-scale deployment of anomaly-based intrusion detectors are outlined, with special emphasis on assessment issues.
About
This article is published in Computers & Security. The article was published on 2009-02-01. It has received 1712 citations to date. The article focuses on the topics: Anomaly-based intrusion detection system & Intrusion detection system.


Citations
Journal ArticleDOI

Survey of Network Intrusion Detection Methods From the Perspective of the Knowledge Discovery in Databases Process

TL;DR: In this paper, the authors present a survey of methods that have been applied to network data with the purpose of developing an intrusion detector; unlike previous reviews in the area, they analyze these methods from the perspective of the Knowledge Discovery in Databases (KDD) process.

Unsupervised network intrusion detection systems for zero-day fast-spreading network attacks and botnets

TL;DR: This research shows that by using proper data preprocessing and unsupervised data analysis methods it is possible to detect fast and complex zero-day (new) attacks in real time.
Journal ArticleDOI

A likelihood ratio anomaly detector for identifying within-perimeter computer network attacks

TL;DR: A stochastic model of attacker behavior which is motivated by real world attacker traversal is introduced and a likelihood ratio detector is developed that compares the probability of observed network behavior under normal conditions against the case when an attacker has possibly compromised a subset of hosts within the network.
Book ChapterDOI

A Systematic Review of Artificial Intelligence and Machine Learning Techniques for Cyber Security

TL;DR: A systematic literature review of existing classification algorithms applied to the detection of cyber security attacks is presented, and it is concluded that Support Vector Machine (SVM), Random Forest (RF), Decision Tree (DT) and Artificial Neural Network (ANN) are the most frequently used classifiers.
Journal ArticleDOI

A refined filter for UHAD to improve anomaly detection

TL;DR: A refined filterer for unsupervised heterogeneous anomaly detection that retains most anomalous events irrespective of their volume in the logs is proposed, and the experiment conducted reveals that the refined filterer retained almost all the abnormal events, thereby enabling the detection of the maximum number of anomalies.
References
Journal ArticleDOI

LOF: identifying density-based local outliers

TL;DR: This paper contends that for many scenarios, it is more meaningful to assign to each object a degree of being an outlier, called the local outlier factor (LOF), and gives a detailed formal analysis showing that LOF enjoys many desirable properties.
Book ChapterDOI

Fast effective rule induction

TL;DR: This paper evaluates the recently proposed rule learning algorithm IREP on a large and diverse collection of benchmark problems, and proposes a number of modifications resulting in an algorithm, RIPPERk, that is very competitive with C4.5 and C4.5rules with respect to error rates, but much more efficient on large samples.
Book

Outliers in Statistical Data

Vic Barnett, +1 more
TL;DR: In this article, the authors present an updated version of the reference work on outliers, including new areas of study such as outliers in direction data as well as developments in fields such as discordancy tests for univariate and multivariate samples.
Journal ArticleDOI

An Intrusion-Detection Model

TL;DR: A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.