Case-Based Anomaly Detection

  • Authors: Alessandro Micarelli; Giuseppe Sansonetti

  • Affiliation (both authors): Department of Computer Science and Automation, Artificial Intelligence Laboratory, Roma Tre University, Via della Vasca Navale, 79, 00146 Rome, Italy

  • Venue: ICCBR '07 Proceedings of the 7th international conference on Case-Based Reasoning: Case-Based Reasoning Research and Development
  • Year: 2007

Abstract

Computer and network security is an extremely active and productive research area. Scientists from all over the world address the related issues, using different types of models and methods. In this article we illustrate a case-based approach in which normal user-computer interaction is represented as snapshots of a small number of instances of the same application, each attack-free and sufficiently different from the others. The generic case representation is obtained by interpreting in numeric form the arguments and parameters of system calls deemed potentially dangerous. The similarity between a new input case and the cases stored in the case library is computed as the Earth Mover's Distance between the corresponding feature distributions, which are obtained by means of cluster analysis.