A New, Principled Approach to Anomaly Detection

Cited by: 12
Authors
Ferragut, Erik M. [1 ]
Laska, Jason [1 ]
Bridges, Robert A. [1 ]
Affiliations
[1] Oak Ridge Natl Lab, Computat Sci & Engn Div, Oak Ridge, TN 37830 USA
Source
2012 11TH INTERNATIONAL CONFERENCE ON MACHINE LEARNING AND APPLICATIONS (ICMLA 2012), VOL 2 | 2012
DOI
10.1109/ICMLA.2012.151
Chinese Library Classification
TP18 [Artificial intelligence theory];
Discipline codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Intrusion detection is often described as having two main approaches: signature-based and anomaly-based. We argue that only unsupervised methods are suitable for detecting anomalies. However, the literature has tended to conflate the notion of an anomaly with the notion of a malicious event. As a result, the methods used to discover anomalies have typically been ad hoc, making it nearly impossible to compare models systematically or to regulate the number of alerts. We propose a new, principled approach to anomaly detection that addresses the main shortcomings of ad hoc approaches. We provide both theoretical and cyber-specific examples to demonstrate the benefits of this more principled approach.
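The abstract's central complaint is that ad hoc anomaly scores (a z-score cut-off, a "seen fewer than N times" rule) give an analyst no handle on how many alerts a model will raise and no common scale on which to compare models. The Python below is an added illustration of that point, not code from the paper or its authors: it fits a categorical model to constructed per-host destination-port counts, defines an event's anomaly score as the model probability of drawing something at least as improbable as the event, and shows that alerting on score <= alpha bounds the expected alert rate by alpha for any model, while a count-based rule yields a different, uncontrolled rate on each host. The two hosts, their counts, the "fewer than 10" rule and alpha = 1% are all assumptions made for the demonstration; the tail-probability score is a standard construction used here to illustrate the abstract's argument and is not a reproduction of the paper's own definitions.

```python
"""Added illustration (not the paper's own code): an anomaly score defined
through the fitted probability model lets an analyst regulate the alert
rate, whereas an ad hoc rarity rule does not.

Constructed data: per-host counts of destination ports observed during a
baseline window.  The ad hoc rule and the thresholds are assumptions.
"""
from fractions import Fraction

# Constructed baseline observations (destination port -> count), 1000 each.
HOST_A = {80: 600, 443: 350, 22: 30, 53: 15, 8080: 4, 3389: 1}
HOST_B = {443: 400, 80: 200, 22: 120, 53: 100, 25: 60, 110: 40,
          143: 30, 993: 20, 3306: 12, 5900: 8, 8443: 6, 1433: 4}


def fit_categorical(counts):
    """Maximum-likelihood categorical model: p(x) = count(x) / total.
    Fraction keeps the arithmetic exact, so threshold comparisons are not
    disturbed by floating-point rounding."""
    total = sum(counts.values())
    return {x: Fraction(c, total) for x, c in counts.items()}


def adhoc_alert(counts, x, min_count=10):
    """Ad hoc rule: flag any value seen fewer than min_count times in the
    baseline.  The number 10 carries no probabilistic meaning, so the
    resulting alert rate depends entirely on the shape of the data."""
    return counts.get(x, 0) < min_count


def anomaly_score(model, x):
    """Probability, under the model, of drawing a value at least as
    improbable as x: score(x) = P(p(X) <= p(x)).  A never-seen value has
    p(x) = 0 and therefore score 0 (maximally anomalous)."""
    px = model.get(x, Fraction(0))
    return sum((p for p in model.values() if p <= px), Fraction(0))


def principled_alert(model, x, alpha):
    """Alert when x lies in the least-likely alpha probability mass of the
    model.  By construction the expected alert rate is at most alpha."""
    return anomaly_score(model, x) <= alpha


def expected_alert_rate(counts, alert):
    """Expected fraction of baseline-like events the rule alerts on, i.e.
    the total model probability of the categories it flags."""
    model = fit_categorical(counts)
    return sum((model[x] for x in counts if alert(x)), Fraction(0))


def compare(alpha=Fraction(1, 100)):
    """Return (adhoc_rate_A, adhoc_rate_B, principled_rate_A, principled_rate_B)."""
    rates = []
    for counts in (HOST_A, HOST_B):
        rates.append(expected_alert_rate(
            counts, lambda x, c=counts: adhoc_alert(c, x)))
    for counts in (HOST_A, HOST_B):
        model = fit_categorical(counts)
        rates.append(expected_alert_rate(
            counts, lambda x, m=model: principled_alert(m, x, alpha)))
    return tuple(rates)


if __name__ == "__main__":
    a_adhoc, b_adhoc, a_prin, b_prin = compare()
    print(f"ad hoc (count < 10):   host A {float(a_adhoc):.3f}, "
          f"host B {float(b_adhoc):.3f}")
    print(f"principled (alpha=1%): host A {float(a_prin):.3f}, "
          f"host B {float(b_prin):.3f}")
    # Scores live on one probability scale, so the same event is directly
    # comparable across differently shaped models.
    for host, counts in (("A", HOST_A), ("B", HOST_B)):
        s = anomaly_score(fit_categorical(counts), 22)
        print(f"port 22 on host {host}: score {float(s):.2f}")
```

The count rule fires on 0.5% of host A's traffic but 1.8% of host B's, and nothing in the rule tells the analyst that in advance; the probability-based threshold stays at or below the chosen 1% on both hosts, and a port that is a 5% event on one host and a 40% event on the other is reported on the same scale. An unseen port scores 0 and always alerts, which is the behaviour one wants from a "never observed" event rather than an accident of a count threshold.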
Pages: 210-215
Page count: 6
References (8)
[1] Anonymous, 2007. Advances in Neural Information Processing Systems.
[2] Cao Y., 2009. Proceedings of SPIE (Society of Photo-Optical Instrumentation Engineers), vol. 7480.
[3] Cook K., 2012. VAST Challenge 2012.
[4] Denning D.E., 1987. An intrusion-detection model. IEEE Transactions on Software Engineering, 13(2):222-232.
[5] Gu G., 2008. USENIX Security Symposium, vol. 5, p. 139.
[6] Portnoy L., 2001. Proc. ACM CSS Workshop on Data Mining Applied to Security (DMSA), p. 5.
[7] Chandola V., Banerjee A., Kumar V., 2009. Anomaly detection: a survey. ACM Computing Surveys, 41(3).
[8] Tandon G., 2009. Proceedings of the 2009 SIAM International Conference on Data Mining, p. 871. DOI 10.1137/1.9781611972795.75