Journal Article
Anomaly-based network intrusion detection: Techniques, systems and challenges
TLDR
The main challenges to be dealt with for the wide-scale deployment of anomaly-based intrusion detectors are outlined, with special emphasis on assessment issues.
About:
This article is published in Computers & Security. The article was published on 2009-02-01. It has received 1712 citations to date. The article focuses on the topics: Anomaly-based intrusion detection system & Intrusion detection system.
Citations
Proceedings Article
Early Detection of Network Attacks Using Deep Learning
TL;DR: This paper proposes an end-to-end early intrusion detection system to prevent network attacks before they could cause any more damage to the system under attack while preventing unforeseen downtime and interruption and introduces a new metric, called earliness, to evaluate how early this proposed approach detects attacks.
Proceedings Article
Building robust temporal user profiles for anomaly detection in file system accesses
Shagufta Mehnaz, Elisa Bertino, and 1 more
TL;DR: An approach that discovers the users' tasks (sets of file accesses that represent distinct file system activities) by applying frequent sequence mining on the access log and builds robust temporal user profiles by extensively analyzing the timestamp information of users' file system accesses using a multilevel temporal data structure.
MUSE: asset risk scoring in enterprise network with mutually reinforced reputation
TL;DR: In this paper, a system that analyzes a large number of alerts and derives risk scores by correlating diverse entities in an enterprise network is presented, which exploits a novel mutual reinforcement principle and models the dynamics of risk based on the interdependent relationship among multiple entities.
Journal Article
A Methodology for Runtime Detection and Extraction of Threat Patterns
Christos Bellas, Athanasios Naskos, Georgia Kougka, George Vlahavas, Anastasios Gounaris, Athena Vakali, Apostolos N. Papadopoulos, Evmorfia Biliri, Nefeli Bountouni, Gustavo Gonzalez Granadillo, and 9 more
TL;DR: An advanced extension to current Intrusion Detection System (IDS) solutions is proposed, which harvests the knowledge out of health data sources or network monitoring to construct models for new threat patterns and encompasses methods for detecting threat patterns utilizing also advanced unsupervised machine learning data analytic methodologies.
Book Chapter
Analysis, Development and Deployment of Statistical Anomaly Detection Techniques for Real E-Mail Traffic
TL;DR: This chapter discusses the analysis, development and deployment of statistical detection techniques aimed at the detection of Internet worms, and introduces a threshold mechanism, based on a simple statistical framework, to automatically detect and identify different worm activities.
References
Journal Article
LOF: identifying density-based local outliers
TL;DR: This paper contends that for many scenarios, it is more meaningful to assign to each object a degree of being an outlier, called the local outlier factor (LOF), and gives a detailed formal analysis showing that LOF enjoys many desirable properties.
Book Chapter
Fast effective rule induction
TL;DR: This paper evaluates the recently proposed rule learning algorithm IREP on a large and diverse collection of benchmark problems, and proposes a number of modifications resulting in an algorithm, RIPPERk, that is very competitive with C4.5 and C4.5rules with respect to error rates, but much more efficient on large samples.
Book
Outliers in Statistical Data
Vic Barnett, Toby Lewis, and 1 more
TL;DR: In this article, the authors present an updated version of the reference work on outliers, including new areas of study such as outliers in direction data as well as developments in fields such as discordancy tests for univariate and multivariate samples.
Journal Article
An Intrusion-Detection Model
TL;DR: A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.