• DocumentCode
    2892617
  • Title
    A New, Principled Approach to Anomaly Detection
  • Author
    Ferragut, Erik M. ; Laska, J. ; Bridges, Robert A.
  • Author_Institution
    Comput. Sci. & Eng. Div., Oak Ridge Nat. Lab., Oak Ridge, TN, USA
  • Volume
    2
  • fYear
    2012
  • fDate
    12-15 Dec. 2012
  • Firstpage
    210
  • Lastpage
    215
  • Abstract
    Intrusion detection is often described as having two main approaches: signature-based and anomaly-based. We argue that only unsupervised methods are suitable for detecting anomalies. However, there has been a tendency in the literature to conflate the notion of an anomaly with the notion of a malicious event. As a result, the methods used to discover anomalies have typically been ad hoc, making it nearly impossible to systematically compare between models or regulate the number of alerts. We propose a new, principled approach to anomaly detection that addresses the main shortcomings of ad hoc approaches. We provide both theoretical and cyber-specific examples to demonstrate the benefits of our more principled approach.
  • Keywords
    digital signatures; security of data; anomaly detection; anomaly-based intrusion detection; malicious event; principled approach; signature-based intrusion detection; unsupervised methods; Computer security; Context; Gaussian distribution; IP networks; Probabilistic logic; Probability distribution; Vectors; anomaly detection; cyber security; intrusion detection; probabilistic model;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Machine Learning and Applications (ICMLA), 2012 11th International Conference on
  • Conference_Location
    Boca Raton, FL
  • Print_ISBN
    978-1-4673-4651-1
  • Type
    conf
  • DOI
    10.1109/ICMLA.2012.151
  • Filename
    6406752
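The abstract's central point is that an anomaly score should be defined on a probability scale so that scores from different models can be compared and the number of alerts can be regulated by a single budget rather than by per-model ad hoc thresholds. The example below is an added illustration of that property, not code from the paper or its authors. It assumes one concrete principled score, the rarity P[p(X) <= p(x)] (the probability that a fresh sample from the fitted model is at least as improbable as the observation), computed for a Gaussian model of bytes per session and for a categorical model of destination ports; the sample data, the score definition and the function names are this example's assumptions, not claims about the paper's exact construction.

```python
"""Rarity-based anomaly scores that are comparable across models.

Added illustration, not the paper's code. The score used throughout is
P[p(X) <= p(x)]: the probability that a fresh sample from the fitted
model is at least as improbable as the observation. Thresholding it at
an alert budget alpha gives an alert rate of about alpha whenever the
model is right. That choice of score is this example's assumption.
"""
import math
import random

# Constructed sample input: bytes transferred per session (continuous).
SESSION_BYTES = [1200, 980, 1430, 1100, 1320, 890, 1510, 1050, 1270, 1180,
                 1390, 1010, 1150, 1240, 1330, 960, 1080, 1460, 1220, 1300]

# Constructed sample input: destination-port probabilities (discrete model).
PORT_PROBS = {22: 0.50, 80: 0.30, 443: 0.15, 3389: 0.05}


def gaussian_fit(xs):
    """Maximum-likelihood mean and standard deviation of a sample."""
    n = len(xs)
    mu = sum(xs) / n
    var = sum((x - mu) ** 2 for x in xs) / n
    return mu, math.sqrt(var)


def gaussian_rarity(x, mu, sigma):
    """P[p(X) <= p(x)] for X ~ N(mu, sigma^2).

    The density decreases with |x - mu|, so this is the two-sided tail
    mass beyond |x - mu|, i.e. erfc(|z| / sqrt(2)).
    """
    z = abs(x - mu) / sigma
    return math.erfc(z / math.sqrt(2))


def categorical_rarity(value, probs):
    """P[p(X) <= p(x)] for a categorical model.

    Sums the mass of every category no more likely than the observed
    one. An unseen value has p(x) = 0, so its rarity is 0 (most anomalous).
    """
    p = probs.get(value, 0.0)
    return sum(q for q in probs.values() if q <= p)


def is_alert(score, alpha):
    """Alert when the observation is rarer than the budget alpha."""
    return score <= alpha


def rank_alerts(observations, alpha):
    """observations: list of (label, rarity) pairs from any model.

    Every score is on the same probability scale, so Gaussian and
    categorical observations are thresholded with one alpha and ranked
    together, rarest first.
    """
    hits = [(label, s) for label, s in observations if is_alert(s, alpha)]
    return sorted(hits, key=lambda item: item[1])


def alert_rate_under_model(mu, sigma, alpha, n=20000, seed=1):
    """Fraction of model-generated samples that would alert.

    With a correct model this is close to alpha, so alert volume is set
    by the budget rather than by a hand-tuned threshold.
    """
    rng = random.Random(seed)
    hits = 0
    for _ in range(n):
        x = rng.gauss(mu, sigma)
        if is_alert(gaussian_rarity(x, mu, sigma), alpha):
            hits += 1
    return hits / n


if __name__ == "__main__":
    mu, sigma = gaussian_fit(SESSION_BYTES)
    alpha = 0.05
    obs = [
        ("session 1280 bytes", gaussian_rarity(1280, mu, sigma)),
        ("session 2100 bytes", gaussian_rarity(2100, mu, sigma)),
        ("port 22", categorical_rarity(22, PORT_PROBS)),
        ("port 3389", categorical_rarity(3389, PORT_PROBS)),
        ("port 9999", categorical_rarity(9999, PORT_PROBS)),
    ]
    for label, score in obs:
        print(f"{label:22s} rarity={score:.4g} alert={is_alert(score, alpha)}")
    print("ranked alerts:", rank_alerts(obs, alpha))
    print("alert rate under the model:", alert_rate_under_model(mu, sigma, alpha))
```

The contrast with an ad hoc approach is in `rank_alerts`: a z-score from the Gaussian model and a raw count from the port model live on different scales and cannot be ordered against each other, whereas the two rarity scores can be thresholded with the same alpha and sorted together. `alert_rate_under_model` shows the other benefit the abstract names: if the model is adequate, lowering alpha lowers the alert volume predictably, without retuning anything per model.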