A Dynamic Normal Profiling for Anomaly Detection

Cited by: 0
Authors
Zuo, Shenzheng [1]
Affiliation
[1] Beijing Univ Posts & Telecommun, Ctr Intelligence Sci & Technol Res, Beijing 100088, Peoples R China
Source
2009 5TH INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING, VOLS 1-8 | 2009
Keywords
anomaly detection; floating rough approximation; masquerade detection; system call;
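DOI
Not available
Chinese Library Classification (CLC) number
TM [Electrical engineering]; TN [Electronic technology, communication technology];
Discipline classification code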
0808 ; 0809 ;
Abstract
Machine learning-based anomaly detection approaches have attracted increasing attention in the intrusion detection community because of their intrinsic capabilities in discovering novel attacks. This paper introduces a dynamic normal profiling approach for anomaly detection systems. It focuses on three specific contributions: (i) It continuously updates the normal profile by keeping the dynamic window size. (ii) The dynamic window is adjusted through a concept drift learning algorithm, which helps to keep relevant patterns and get rid of the outdated patterns. (iii) The dynamic normal profiling approach makes real-time anomaly detection possible. Experimental results show that our anomaly detection schemes are successful in automatically detecting the anomaly.
Pages: 4404 / 4407
Number of pages: 4
Related papers
12 in total
  • [1] Barbara D., 2001, P 1 SIAM C DAT MIN C
  • [2] Bloedorn E., 2001, DATA MINING NETWORK
  • [3] Chang C.-C., LIBSVM: a Library for Support Vector Machines
  • [4] Intrusion detection: A bioinformatics approach
    Coull, S
    Branch, J
    Szymanski, B
    Breimer, E
    [J]. 19TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, 2003, : 24 - 33
  • [5] KE W, 2003, P 3 IEEE C DAT MIN W
  • [6] Empirical evaluation of SVM-based masquerade detection using UNIX commands
    Kim, HS
    Cha, SD
    [J]. COMPUTERS & SECURITY, 2005, 24 (02) : 160 - 168
  • [7] Lane T. D., 2000, Machine learning techniques for the computer security domain of anomaly detection
  • [8] Masquerade detection using truncated command lines
    Maxion, RA
    Townsend, TN
    [J]. INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS, PROCEEDINGS, 2002, : 219 - 228
  • [9] Schonlau M, 2001, STAT SCI, V16, P58
  • [10] Recursive data mining for masquerade detection and author identification
    Szymanski, BK
    Zhang, YQ
    [J]. PROCEEDINGS FROM THE FIFTH IEEE SYSTEMS, MAN AND CYBERNETICS INFORMATION ASSURANCE WORKSHOP, 2004, : 424 - 431