Adaptive real-time anomaly detection with incremental clustering

Authors: Kalle Burbeck, Simin Nadjm-Tehrani

DOI: 10.1016/J.ISTR.2007.02.004

Keywords:

Abstract: Anomaly detection in information (IP) networks, that is, detection of deviations from what is considered normal, is an important complement to misuse detection based on known attack descriptions. Performing anomaly detection in real time places hard requirements on the algorithms used. First, to deal with massive data volumes one needs to have efficient data structures and indexing mechanisms. Secondly, the dynamic nature of today's networks makes the characterisation of normal requests and services difficult. What is considered normal during some time interval may be classified as abnormal in a new context, and vice versa. These factors make many proposed data mining techniques less suitable for intrusion detection. In this paper we present ADWICE, Anomaly Detection With fast Incremental Clustering, and propose a grid index that is shown to improve performance while preserving the efficiency of search. Moreover, we propose two mechanisms for adaptive evolution of the normality model: incremental extension with new elements of normal behaviour, and a feature that enables forgetting of outdated behaviour. These address the needs of a dynamic network environment such as a telecom management network. We evaluate the technique for network-based intrusion detection, using the KDD data set as well as an IP test network. The experiments show good detection quality and act as proof of concept for adaptation of normality.
