Processing massive audit data at high speed is crucial for an anomaly Intrusion Detection System (IDS) to achieve real-time detection. Abstracting audit data is a potential way to improve the efficiency of data processing. In this work, we propose two data abstraction strategies for building a lightweight detection model: exemplar extraction and attribute abstraction. Two clustering algorithms, Affinity Propagation (AP) and traditional k-means, are employed to extract the exemplars, and Principal Component Analysis (PCA) is employed to abstract important attributes (a.k.a. features) from the audit data. Real HTTP traffic data collected in our institute and KDD 1999 data are used to validate the two strategies. The extensive test results show that exemplar extraction significantly improves detection efficiency and achieves better detection performance than PCA in data abstraction.