International Journal of Sensor Networks
We present Cluster Onset Detection (COD), a novel algorithm to aid in detection of epidemic outbreaks. COD employs unsupervised learning techniques in an online setting to partition the population into subgroups, thus increasing the ability to make a detection over the population as a whole by decreasing the signal-to-noise ratio. The method is adaptive and able to alter its clustering in real-time without the need for detailed background knowledge of the population. COD attempts to detect a cluster made up primarily of infected hosts. We argue that this technique is largely complementary to the existing methods for outbreak detection and can generally be combined with one or more of them. We show empirical results applying COD to the problem of detecting a worm attack on a system of networked computers, and show that this method results in approximately 40% lower infection rate at a false positive rate of 1 per week than the best previously reported results on this data set achieved using an HMM model customized for the outbreak detection task.