24,906 research outputs found
Conflict-driven Hybrid Observer-based Anomaly Detection
This paper presents an anomaly detection method using a hybrid observer --
which consists of a discrete state observer and a continuous state observer. We
focus our attention on anomalies caused by intelligent attacks, which may
bypass existing anomaly detection methods because neither the event sequence
nor the observed residuals appear to be anomalous. Based on the relation
between the continuous and discrete variables, we define three conflict types
and give the conditions under which the detection of the anomalies is
guaranteed. We call this method conflict-driven anomaly detection. The
effectiveness of this method is demonstrated mathematically and illustrated on
a Train-Gate (TG) system
CONDOR: A Hybrid IDS to Offer Improved Intrusion Detection
Intrusion Detection Systems are an accepted and very
useful option to monitor, and detect malicious activities.
However, Intrusion Detection Systems have inherent limitations which lead to false positives and false negatives; we propose that combining signature and anomaly based IDSs should be examined. This paper contrasts signature and anomaly-based IDSs, and critiques some proposals about hybrid IDSs with signature and heuristic capabilities, before considering some of their contributions in order to include them as main features of a new hybrid IDS named CONDOR (COmbined Network intrusion Detection ORientate), which is designed to offer superior pattern analysis and anomaly detection by reducing false positive rates and administrator intervention
- …