Proceedings article

Unsupervised Anomaly Intrusion Detection via Localized Bayesian Feature Selection

TL;DR
This paper proposes a novel unsupervised statistical approach for detecting network-based attacks through finite generalized Dirichlet mixture models, in the context of Bayesian variational inference.
Abstract
In recent years, an increasing number of security threats have brought serious risk to the Internet and computer networks. Intrusion Detection Systems (IDSs) play a vital role in detecting various kinds of attacks. Developing adaptive and flexible IDSs remains a challenging and demanding task due to the incessant appearance of new types of attacks and sabotage techniques. In this paper, we propose a novel unsupervised statistical approach for detecting network-based attacks. In our approach, patterns of normal and intrusive activities are learned through finite generalized Dirichlet mixture models, in the context of Bayesian variational inference. Under the proposed variational framework, the parameters, the complexity of the mixture model (the number of components), and the feature saliencies can be estimated simultaneously, in closed form. We evaluate the proposed approach using the popular KDD CUP 1999 data set. Experimental results show that this approach is able to detect many different types of intrusions accurately with a low false positive rate.


Citations
Journal article

A comparative evaluation of outlier detection algorithms: Experiments and analyses

TL;DR: This task challenges state-of-the-art methods from a variety of research fields, with applications including fraud detection, intrusion detection, medical diagnoses and data cleaning.

Journal article

A holistic review of Network Anomaly Detection Systems: A comprehensive survey

TL;DR: Various Decision Engine (DE) approaches are described, including new ensemble learning and deep learning approaches, and cyber kill chain models and cyber-attacks that compromise network systems are explained.

Journal article

Novel Geometric Area Analysis Technique for Anomaly Detection Using Trapezoidal Area Estimation on Large-Scale Networks

TL;DR: A novel Geometric Area Analysis technique based on Trapezoidal Area Estimation (TAE), computed for each observation from the parameters of a Beta Mixture Model (BMM) over the features and the distances between observations, achieves a higher detection rate and lower FPR with a lower processing time than other competing methods.

Book chapter

Big Data Analytics for Intrusion Detection System: Statistical Decision-Making Using Finite Dirichlet Mixture Models

TL;DR: This chapter presents a scalable framework for building an effective and lightweight anomaly detection system using the Dirichlet mixture model and precise interquartile-range boundaries to find small differences between legitimate and attack vectors, efficiently identifying these attacks.