Detecting novel scans through pattern anomaly detection

Author: A. Valdes

DOI: 10.1109/DISCEX.2003.1194880

Keywords:

Abstract: We introduce a technique for detecting anomalous patterns in a categorical feature (one that takes values from a finite alphabet). It differs from most anomaly detection methods used to date in that it does not require attack-free training data, and it improves upon previously known methods in that it is aware of when it has been adequately trained to generate meaningful alerts. The technique models data as normal but falling into one of a number of modes discovered by competitive learning. We apply the technique to the port patterns of TCP sessions (the alphabet being port numbers) and highlight interesting patterns detected in simulated and real traffic. We propose extensions in which the learned pattern library can be seeded with some patterns of interest that are labeled, so that certain patterns generate an alert no matter how frequently they are observed, while others labeled benign generate no alerts even if rarely seen. Finally, we outline a hybrid system approach that closely integrates anomaly and misuse detection, arguing that the historical dichotomy with which many researchers view these techniques is now artificial.
