A novel anomaly detection using small training sets

  • Authors:
  • Qingbo Yin;Liran Shen;Rubo Zhang;Xueyao Li

  • Affiliations:
  • College Of Computer Science & Technology, Harbin Engineering University, Harbin, P.R. China;College Of Computer Science & Technology, Harbin Engineering University, Harbin, P.R. China;College Of Computer Science & Technology, Harbin Engineering University, Harbin, P.R. China;College Of Computer Science & Technology, Harbin Engineering University, Harbin, P.R. China

  • Venue:
  • IDEAL'05 Proceedings of the 6th international conference on Intelligent Data Engineering and Automated Learning
  • Year:
  • 2005

Abstract

Anomaly detection is an essential component of the protection mechanism against novel attacks. Traditional methods need a very large volume of pure training data, which is expensive to classify manually. A new method for anomaly intrusion detection is proposed, based on supervised clustering and a Markov chain model, which is designed to train from a small set of normal data. After short system call sequences are clustered, a Markov chain is used to learn the relationship among these clusters and to classify behavior as normal or abnormal. The observed behavior of the system is analyzed to infer the probability that the Markov chain of the norm profile supports the observed behavior. Markov information source entropy and conditional entropy are used to select parameters. The experiments have shown that the method is effective in detecting anomalous behaviors, and enjoys better generalization ability when only a small training dataset is used.
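
The pipeline the abstract outlines (cluster short system call windows, learn a Markov chain over the clusters, score how well that chain supports an observed trace) is sketched below as an added example; it is not the authors' code. Assumptions: a simple leader clustering on Hamming distance stands in for the paper's supervised clustering, the entropy-based parameter selection is not shown, and the names `K`, `RADIUS`, `ALPHA`, `THRESHOLD` and all traces are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

K, RADIUS, ALPHA = 3, 1, 0.1   # assumed parameters; the abstract gives none

def windows(trace):
    return [tuple(trace[i:i + K]) for i in range(len(trace) - K + 1)]

def assign(w, centres):
    """Index of the nearest centre within RADIUS (Hamming), else None (unknown state)."""
    dist = lambda c: sum(x != y for x, y in zip(w, c))
    best = min(range(len(centres)), key=lambda i: dist(centres[i]), default=None)
    return best if best is not None and dist(centres[best]) <= RADIUS else None

def fit(train):
    """Cluster training windows, then count cluster-to-cluster transitions."""
    centres, counts = [], defaultdict(Counter)
    for trace in train:
        for w in windows(trace):
            if assign(w, centres) is None:
                centres.append(w)          # window founds a new cluster
    for trace in train:
        states = [assign(w, centres) for w in windows(trace)]
        for a, b in zip(states, states[1:]):
            counts[a][b] += 1
    return centres, counts

def score(trace, centres, counts):
    """Mean log-probability per transition under the normal-profile chain."""
    states = [assign(w, centres) for w in windows(trace)]
    pairs = list(zip(states, states[1:]))
    if not pairs:
        raise ValueError("trace shorter than K + 1 system calls")
    n = len(centres) + 1                   # +1 for the unknown state
    total = 0.0
    for a, b in pairs:
        row = counts.get(a, Counter())     # additive smoothing for unseen moves
        total += math.log((row[b] + ALPHA) / (sum(row.values()) + ALPHA * n))
    return total / len(pairs)

# Constructed sample traces (not from the paper's data set).
TRAIN = [["open", "read", "read", "write", "close"] * 4,
         ["open", "read", "write", "close"] * 4]
NORMAL = ["open", "read", "read", "write", "close", "open", "read", "write", "close"]
ODD = ["open", "read", "mmap", "mprotect", "execve", "socket", "connect", "write"]
THRESHOLD = -1.0                           # assumed cut-off for this toy data
CENTRES, COUNTS = fit(TRAIN)

def is_anomalous(trace):
    return score(trace, CENTRES, COUNTS) < THRESHOLD
```

`NORMAL` interleaves the two training patterns in an order never seen verbatim during training, yet it still scores above the threshold because its windows fall into known clusters with known transitions; `ODD` leaves the clustered state space after its first window and scores far lower.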