Temporally oblivious anomaly detection on large networks using functional peers
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Prophiler: a fast filter for the large-scale detection of malicious web pages
Proceedings of the 20th international conference on World wide web
Towards vulnerability-based intrusion detection with event processing
Proceedings of the 5th ACM international conference on Distributed event-based system
Fast, memory-efficient regular expression matching with NFA-OBDDs
Computer Networks: The International Journal of Computer and Telecommunications Networking
Should security researchers experiment more and draw more inferences?
CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
Vulnerability extrapolation: assisted discovery of vulnerabilities using machine learning
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
On detecting abrupt changes in network entropy time series
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
MIDeA: a multi-parallel intrusion detection architecture
Proceedings of the 18th ACM conference on Computer and communications security
Static detection of malicious JavaScript-bearing PDF documents
Proceedings of the 27th Annual Computer Security Applications Conference
Cross-Domain collaborative anomaly detection: so far yet so close
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Securing application-level topology estimation networks: facing the frog-boiling attack
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Aiding the detection of fake accounts in large scale social online services
NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
Anomaly detection in water management systems
Critical Infrastructure Protection
ARC: protecting against HTTP parameter pollution attacks using application request caches
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Learning from early attempts to measure information security performance
CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test
Proceedings of the 5th ACM workshop on Security and artificial intelligence
Network-based intrusion detection systems go active!
Proceedings of the 2012 ACM conference on Computer and communications security
Evaluating electricity theft detectors in smart grid networks
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
N-Gram against the machine: on the feasibility of the n-gram network analysis for binary protocols
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Turtles all the way down: a clean-slate, ground-up, first-principles approach to secure systems
Proceedings of the 2012 workshop on New security paradigms
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Intelligent alarm filter using knowledge-based alert verification in network intrusion detection
ISMIS'12 Proceedings of the 20th international conference on Foundations of Intelligent Systems
NSS'12 Proceedings of the 6th international conference on Network and System Security
Review: A survey of network flow applications
Journal of Network and Computer Applications
A learning system for discriminating variants of malicious network traffic
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
Machine-oriented biometrics and cocooning for dynamic network defense
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues
Information Sciences: an International Journal
Event stream database based architecture to detect network intrusion: (industry article)
Proceedings of the 7th ACM international conference on Distributed event-based systems
Protocol misidentification made easy with format-transforming encryption
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Detecting intrusions in encrypted control traffic
Proceedings of the first ACM workshop on Smart energy grid security
A close look on n-grams in intrusion detection: anomaly detection vs. classification
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
Approaches to adversarial drift
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
ACTIDS: an active strategy for detecting and localizing network attacks
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
Discovery of emergent malicious campaigns in cellular networks
Proceedings of the 29th Annual Computer Security Applications Conference
ProVeX: detecting botnets with encrypted command and control channels
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Proceedings of the 2013 workshop on New security paradigms workshop
A survey of intrusion detection techniques for cyber-physical systems
ACM Computing Surveys (CSUR)
Computer Networks: The International Journal of Computer and Telecommunications Networking
Proceedings of the 23rd international conference on World wide web
Quite a mess in my cookie jar!: leveraging machine learning to protect web authentication
Proceedings of the 23rd international conference on World wide web
Fake View Analytics in Online Video Services
Proceedings of Network and Operating System Support on Digital Audio and Video Workshop
Journal of Network and Computer Applications
Hi-index | 0.00 |
In network intrusion detection research, one popular strategy for finding attacks is monitoring a network's activity for anomalies: deviations from profiles of normality previously learned from benign traffic, typically identified using tools borrowed from the machine learning community. However, despite extensive academic research one finds a striking gap in terms of actual deployments of such systems: compared with other intrusion detection approaches, machine learning is rarely employed in operational "real world" settings. We examine the differences between the network intrusion detection problem and other areas where machine learning regularly finds much more success. Our main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively. We support this claim by identifying challenges particular to network intrusion detection, and provide a set of guidelines meant to strengthen future research on anomaly detection.