Since the early days of research on intrusion detection, anomaly-based approaches have been proposed to detect intrusion attempts. Attacks are detected as anomalies when compared to a model of normal (legitimate) events. Anomaly-based approaches typically produce a relatively large number of false alarms compared to signature-based IDS. However, anomaly-based IDS are able to detect never-before-seen attacks. As new types of attacks are generated at an increasing pace and the process of signature generation is slow, signature-based IDS can be easily evaded by new attacks. The ability of anomaly-based IDS to detect attacks never observed in the wild has stirred up renewed interest in anomaly detection. In particular, recent work has focused on unsupervised or unlabeled anomaly detection, because it is very hard and expensive to obtain a labeled dataset containing only pure normal events. The unlabeled approaches proposed so far for network IDS have focused on modeling the normal network traffic considered as a whole. As network traffic related to different protocols or services exhibits different characteristics, this paper proposes an unlabeled Network Anomaly IDS based on a modular Multiple Classifier System (MCS). Each module is designed to model a particular group of similar protocols or network services. The use of a modular MCS allows the designer to choose a different model and decision threshold for different (groups of) network services. This also allows the designer to tune the false alarm rate and detection rate produced by each module to optimize the overall performance of the ensemble. Experimental results on the KDD-Cup 1999 dataset show that the proposed anomaly IDS achieves a high attack detection rate and a low false alarm rate at the same time.
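The modular design described in the abstract can be sketched as follows. This is an added example, not code from the paper: it trains one one-class module per service group with its own decision threshold and compares it with a single model of the traffic as a whole. The distance-based model, the two service groups, the `(duration, bytes)` features, the reject rates and the sample traffic are all assumptions made for illustration.

```python
import math
import random
from collections import defaultdict
# Assumed service-to-module grouping (hypothetical; the abstract does not list the groups).
SERVICE_GROUP = {"http": "web", "ftp": "ftp"}

class OneClassModule:
    """Stand-in one-class model: normalized distance from the training mean."""
    def __init__(self, reject_rate):
        self.reject_rate = reject_rate  # share of unlabeled training traffic left outside the model
    def fit(self, rows):
        n, dims = len(rows), range(len(rows[0]))
        self.mean = [sum(r[i] for r in rows) / n for i in dims]
        self.std = [max(1e-9, math.sqrt(sum((r[i] - self.mean[i]) ** 2 for r in rows) / n)) for i in dims]
        scores = sorted(self.score(r) for r in rows)
        # Per-module decision threshold: the (1 - reject_rate) quantile of training scores.
        self.threshold = scores[min(n - 1, math.ceil((1 - self.reject_rate) * n) - 1)]
        return self
    def score(self, row):
        return math.sqrt(sum(((x - m) / s) ** 2 for x, m, s in zip(row, self.mean, self.std)))
    def is_anomaly(self, row):
        return self.score(row) > self.threshold

class ModularDetector:
    def __init__(self, reject_rates):
        self.modules = {g: OneClassModule(r) for g, r in reject_rates.items()}
    def fit(self, events):
        by_group = defaultdict(list)
        for service, feats in events:
            by_group[SERVICE_GROUP[service]].append(feats)
        for group, rows in by_group.items():
            self.modules[group].fit(rows)
        return self
    def is_anomaly(self, service, feats):
        return self.modules[SERVICE_GROUP[service]].is_anomaly(feats)

def constructed_traffic(seed=7, n=200):
    """Constructed (duration_s, bytes) samples, not KDD-Cup 1999 records."""
    rng = random.Random(seed)
    web = [("http", (rng.gauss(1, 0.2), rng.gauss(2_000, 300))) for _ in range(n)]
    ftp = [("ftp", (rng.gauss(60, 10), rng.gauss(1_000_000, 100_000))) for _ in range(n)]
    return web + ftp

def demo():
    events = constructed_traffic()
    modular = ModularDetector({"web": 0.01, "ftp": 0.05}).fit(events)
    whole = OneClassModule(0.01).fit([f for _, f in events])  # traffic modeled as a whole
    odd = (1.0, 900_000.0)  # constructed event: FTP-sized transfer seen on HTTP
    return modular.is_anomaly("http", odd), whole.is_anomaly(odd)
```

`demo()` returns `(True, False)`: the web module flags the oversized HTTP transfer, while the whole-traffic model accepts it because FTP traffic has widened its notion of normal.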