Machine learning-based anomaly detection approaches have attracted increasing attention in the network intrusion detection community because of their intrinsic ability to discover novel attacks. However, most of today's anomaly-based IDSs generate high false positive rates and miss many attacks because they discriminate poorly between attacks and legitimate behavior. In this paper, we propose an anomaly intrusion detection method using the Combined Strangeness and Isolation measure K-Nearest Neighbors (CSI-KNN) algorithm. The intrusion detection algorithm analyzes different characteristics of network data by employing two measures: strangeness and isolation. Based on these measures, a correlation unit raises intrusion alerts with associated confidence estimates. Multiple CSI-KNN classifiers work in parallel, each dealing with a different type of network service, so that the CSI-KNN-based NIDS can work more efficiently than one that processes all network services together.