Machine Learning Techniques for Anomaly Detection: An Overview

@article{Omar2013MachineLT,
  title={Machine Learning Techniques for Anomaly Detection: An Overview},
  author={Salima Omar and Asri Md. Ngadi and Hamid H. Jebur},
  journal={International Journal of Computer Applications},
  year={2013},
  volume={79},
  pages={33-41}
}
Intrusion detection has gain a broad attention and become a fertile field for several researches, and still being the subject of widespread interest by researchers. The intrusion detection community still confronts difficult problems even after many years of research. Reducing the large number of false alerts during the process of detecting unknown attack patterns remains unresolved problem. However, several research results recently have shown that there are potential solutions to this problem… 

Figures from this paper

Machine Learning Applications for Anomaly Detection

TLDR
This chapter is an attempt to provide a structured and a broad overview of extensive research on anomaly detection techniques spanning multiple research areas and application domains.

Low-Rate False Alarm Anomaly-Based Intrusion Detection System with One-Class SVM

TLDR
This work proposes to use an algorithm named one-class support vector machine (one-class SVM) to detect anomalies, decreasing the false alarm (false positive) rate with the same false negative rate.

An Improved KNN Classifier for Anomaly Intrusion Detection System Using Cluster Optimization

TLDR
An improved, modified KNN classifier using clustering optimization which is more effective at curbing both known and known intrusions in existing anomaly intrusion detection system is presented.

Enhancing Intrusion Detection Using Statistical Functions

TLDR
The research aimed to specify a mathematical model to enhance the intrusion detection process and implemented a system to prove the model applicability, which proofs the idea behind mathematical functions utilization in such field; network security.

Machine Learning for anomaly detection. Performance study considering anomaly distribution in an imbalanced dataset

TLDR
This article develops an experimental setup for comparative analysis of two types of machine learning techniques in their application to anomaly detection systems and studies their performance taking into account anomaly distribution in an imbalanced dataset.

Anomaly detection to predict failures in server systems

TLDR
It is concluded that the proposed additions make it possible to improve the forecasting accuracy of the model and reduce the number of false positives of the method, and the method can be used for early detection of gradual failures in the operation of server systems.

Wk-fnn design for detection of anomalies in the computer network traffic

TLDR
A WK-FNN hybrid model for the detection of the opposite decisions is presented and it is shown that results can be improved with the xor bitwise operation.

A robust anomaly detection method using a constant false alarm rate approach

TLDR
A new anomaly detection method that operates by decomposing TCP traffic into control and data planes, which exhibit similar behaviors in the absence of attacks is proposed.

IP Network Anomaly Detection using Machine Learning

TLDR
Three approaches based on ML (Machine Learning) have been proposed to detect suspicious network behavior and it is believed that these approaches can be directly deployed in a real-time environment (independently on the edge device or over the cloud) to strengthen the network security.

Review of Current Machine Learning Approaches for Anomaly Detection in Network Traffic

TLDR
A comprehensive survey was completed to give a broad perspective of what recently has been done in the area of anomaly detection, with a variety of typical applications such as WSNs, IoT, high-performance computing, industrial control systems (ICS), and software-defined network (SDN) environments.
...

References

SHOWING 1-10 OF 100 REFERENCES

Intrusion detection using radial basis function network on sequences of system calls

TLDR
A host-based IDS model that functions as a combined anomaly/misuse detector that helps to overcome most of the limitations in existing models is described, utilizing a Radial Basis Function neural network.

Adaptive anomaly detection with evolving connectionist systems

Intrusion detection using neural networks and support vector machines

  • S. MukkamalaG. JanoskiA. Sung
  • Computer Science
    Proceedings of the 2002 International Joint Conference on Neural Networks. IJCNN'02 (Cat. No.02CH37290)
  • 2002
TLDR
Using a set of benchmark data from a KDD (knowledge discovery and data mining) competition designed by DARPA, it is demonstrated that efficient and accurate classifiers can be built to detect intrusions.

Artificial Neural Networks Architecture For Intrusion Detection Systems and Classification of Attacks

TLDR
This study aimed to solve a multi-class problem of intrusion detection using MLP in which not only the attack records are distinguished from normal ones, but also the attack type is identified.

The use of artificial intelligence based techniques for intrusion detection: a review

TLDR
Various AI based techniques focusing on development of Intrusion detection system (IDS) have been reviewed and related studies have been compared by their source of audit data, processing criteria, technique used, dataset, classifier design, feature reduction technique employed and other experimental environment setup.

A hybrid machine learning approach to network anomaly detection

Octopus-IIDS: An anomaly based intelligent intrusion detection system

TLDR
An intrusion detection system model based on the behavior of network traffic through the analysis and classification of messages is presented, and two artificial intelligence techniques named Kohonen neural network and support vector machine are applied to detect anomalies.

A Neural Network Based System for Intrusion Detection and Classification of Attacks

TLDR
This research aims to solve a multi class problem in which the type of attack is also detected by the neural network, and is capable of classifying records with about 91% accuracy with two hidden layers of neurons in the Neural network.

Real-Time Intrusion Detection System Based on Self-Organized Maps and Feature Correlations

  • Hayoung OhK. Chae
  • Computer Science
    2008 Third International Conference on Convergence and Hybrid Information Technology
  • 2008
TLDR
This paper proposes a real-time intrusion detection system based on SOM that groups similar data and visualize their clusters and labels the map produced by SOM using correlations between features.
...