Autonomic Parameter Tuning of Anomaly-Based IDSs: an SSH Case Study
Anomaly-based intrusion detection systems classify network traffic instances by comparing them with a model of normal network behavior. To be effective, such systems are expected to precisely detect intrusions (high true positive rate) while limiting the number of false alarms (low false positive rate). However, there is a natural trade-off between detecting all anomalies (at the expense of raising alarms too often) and missing anomalies (but not issuing any false alarms). The parameters of a detection system play a central role in this trade-off, since they determine how responsive the system is to an intrusion attempt. Despite the importance of properly tuning the system parameters, the literature has put little emphasis on the topic, and the task of adjusting such parameters is usually left to the expertise of the system manager or expert IT personnel. In this paper, we present an autonomic approach for tuning the parameters of anomaly-based intrusion detection systems for SSH traffic. We propose a procedure that aims to automatically tune the system parameters and, by doing so, to optimize the system performance. We validate our approach by testing it on a flow-based probabilistic detection system for the detection of SSH attacks.
Design of Hybrid Network Anomalies Detection System (H-NADS) Using IP Gray Space Analysis
In network security, a major issue is securing public or private networks against abnormal users, because each network is made up of users, services and computers with specific behaviors, which is also called a heterogeneous system. To detect abnormal users, an anomaly detection system (ADS) is used. In this paper, we present a novel hybrid Anomaly Detection System that uses IP gray space analysis and dominant scanning port identification heuristics to detect various anomalous users and their potential behaviors. This methodology combines statistical and rule-based anomaly detection; it detects five types of anomalies with three types of potential behaviors and generates the corresponding alarm messages to a GUI.
Keywords: Network Security, Anomaly Detection, Suspicious Behaviors Detection
SENATUS: An Approach to Joint Traffic Anomaly Detection and Root Cause Analysis
In this paper, we propose a novel approach, called SENATUS, for joint traffic anomaly detection and root-cause analysis. Inspired by the concept of a senate, the key idea of the proposed approach is divided into three stages: election, voting and decision. At the election stage, a small number of senator flows are chosen to represent approximately the total (usually huge) set of traffic flows. In the voting stage, anomaly detection is applied on the senator flows and the detected anomalies are correlated to identify the most probable anomalous time bins. Finally, in the decision stage, a machine learning technique is applied to the senator flows of each anomalous time bin to find the root cause of the anomalies. We evaluate SENATUS using traffic traces collected from the pan-European network GEANT, and compare it against another approach that detects anomalies using lossless compression of traffic histograms. We show the effectiveness of SENATUS in diagnosing two anomaly types: network scans and DoS/DDoS attacks.
Conflict-driven Hybrid Observer-based Anomaly Detection
This paper presents an anomaly detection method using a hybrid observer, which consists of a discrete state observer and a continuous state observer. We focus our attention on anomalies caused by intelligent attacks, which may bypass existing anomaly detection methods because neither the event sequence nor the observed residuals appear to be anomalous. Based on the relation between the continuous and discrete variables, we define three conflict types and give the conditions under which the detection of the anomalies is guaranteed. We call this method conflict-driven anomaly detection. The effectiveness of this method is demonstrated mathematically and illustrated on a Train-Gate (TG) system.
Lost in Time: Temporal Analytics for Long-Term Video Surveillance
Video surveillance is a well-researched area of study with substantial work done on object detection, tracking and behavior analysis. With the abundance of video data captured over a long period of time, we can understand patterns in human behavior and scene dynamics through data-driven temporal analytics. In this work, we propose two schemes to perform descriptive and predictive analytics on long-term video surveillance data. We generate heatmap and footmap visualizations to describe spatially pooled trajectory patterns with respect to time and location. We also present two approaches for anomaly prediction at the day-level granularity: a trajectory-based statistical approach and a time-series-based approach. Experimentation with one year of data from a single camera demonstrates the ability to uncover interesting insights about the scene and to predict anomalies reasonably well.
Comment: To appear in Springer LNE