A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection

@inproceedings{Lazarevic2003ACS,
  title={A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection},
  author={Aleksandar Lazarevic and Levent Ert{\"o}z and Vipin Kumar and Aysel Ozgur and Jaideep Srivastava},
  booktitle={SDM},
  year={2003}
}
Intrusion detection corresponds to a suite of techniques that are used to identify attacks against computers and network infrastructures. [...] Several existing supervised and unsupervised anomaly detection schemes and their variations are evaluated on the DARPA 1998 data set of network connections [9] as well as on real network data, using existing standard evaluation techniques as well as several specific metrics that are appropriate when detecting attacks that involve a large number of [...]
Network Intrusion Detection System (NIDS)
An unsupervised anomaly detection technique that assigns a score to each network connection reflecting how anomalous the connection is, and an association pattern analysis based module that summarizes those network connections that are ranked highly anomalous by the anomaly detection module.

A Comparative Study of Unsupervised Anomaly Detection Techniques Using Honeypot Data
A set of experiments to evaluate and analyze the performance of the major unsupervised anomaly detection techniques using real traffic data obtained at honeypots deployed inside and outside the campus network of Kyoto University, giving some practical and useful guidelines to IDS researchers and operators.

Data Clustering for Anomaly Detection in Network Intrusion Detection
The K-means algorithm was chosen to evaluate the performance of an unsupervised learning method for anomaly detection using the KDD Cup 1999 network data set, and it was found that a high detection rate can be achieved while maintaining a low false alarm rate.

Anomaly intrusion detection model using data mining techniques
This research focuses on the various data mining techniques for anomaly-based intrusion detection systems, using unsupervised anomaly detection schemes on the DARPA'98 data sets and real network traffic to measure accuracy in detecting the different types of network intrusions.

Quantitative comparison of unsupervised anomaly detection algorithms for intrusion detection
This paper experimentally evaluates a pool of twelve unsupervised anomaly detection algorithms on five attack datasets and identifies the families of algorithms that are more effective for intrusion detection, and the families that are more robust to the choice of configuration parameters.

Risk Leveling of Network Traffic Anomalies
A data mining technique to assess the risks of local anomalies based on a synopsis obtained from a global spatiotemporal modeling approach that is incremental and scalable, and thus suitable for online processing.

Detection of Novel Network Attacks Using Data Mining
Experimental results on live network traffic at the University of Minnesota show that the MINDS anomaly detection techniques have been successful in automatically detecting several novel intrusions that could not be identified using state-of-the-art signature-based tools such as SNORT.

Attacks classification in adaptive intrusion detection using decision tree
A new learning algorithm for an anomaly-based network intrusion detection system, using a decision tree algorithm that distinguishes attacks from normal behaviors and identifies different types of intrusions, is presented.

A Novel Outlier Detection Scheme for Network Intrusion Detection Systems
K. Prakobphol, J. Zhan. 2008 International Conference on Information Security and Assurance (ISA 2008), 2008.
A novel outlier detection scheme based on cost distribution to detect anomalous behavior in network intrusion detection is proposed, and the capability of this new approach is evaluated with the data set from the KDD Cup 1999 data mining competition.

Unsupervised Anomaly Detectors to Detect Intrusions in the Current Threat Landscape
Algorithms such as Isolation Forests, One-Class Support Vector Machines, and Self-Organizing Maps are more effective than their counterparts for intrusion detection, while clustering algorithms represent a good alternative due to their low computational complexity.

References

(Showing 10 of 35 references)
A Study in Using Neural Networks for Anomaly and Misuse Detection
New process-based intrusion detection approaches are described that provide the ability to generalize from previously observed behavior to recognize future unseen behavior, and can be used for both anomaly detection and misuse detection.

Detecting Novel Network Intrusions Using Bayes Estimators
This work has been funded by AFRL Rome Labs under the contract F 30602-00-2-0512 and aims to detect well-known attacks as well as slight variations of them by characterizing the rules that govern these attacks.

Learning nonstationary models of normal network traffic for detecting novel attacks
This paper proposes a learning algorithm that constructs models of normal behavior from attack-free network traffic, which can be combined to increase the coverage of traditional intrusion detection systems.

An Intrusion-Detection Model
D. Denning. IEEE Transactions on Software Engineering, 1987.
A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described. The model is based on the hypothesis that [...]

Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation
An intrusion detection evaluation test bed was developed which generated normal traffic similar to that on a government site containing hundreds of users on thousands of hosts; the best systems failed to detect roughly half of the new attacks, which included damaging access to root-level privileges by remote users.

ADMIT: anomaly-based data mining for intrusions
This paper deals with the problem of differentiating between masqueraders and the true user of a computer terminal by creating user profiles using semi-incremental techniques, and suggests ideas for dealing with concept drift.

Data Mining Approaches for Intrusion Detection
An agent-based architecture for intrusion detection systems is proposed, in which the learning agents continuously compute and provide updated (detection) models to the detection agents.

Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation
Eight sites participated in the second DARPA off-line intrusion detection evaluation in 1999; the best detection was provided by network-based systems for old probe and old denial-of-service (DoS) attacks, and by host-based systems for Solaris user-to-root (U2R) attacks.

A Markov Chain Model of Temporal Behavior for Anomaly Detection
N. Ye. 2000.
The technique was implemented and tested on the audit data of a Sun Solaris system and showed that it clearly distinguished intrusive activities from normal activities in the testing data.

INTEGRATING FUZZY LOGIC WITH DATA MINING METHODS FOR INTRUSION DETECTION
This report explores integrating fuzzy logic with two data mining methods (association rules and frequency episodes) for intrusion detection, and describes a set of experiments that show the utility of fuzzy association rules and fuzzy frequency episodes in intrusion detection.