IEEE Transactions on Software Engineering - Special issue on computer security and privacy
NADIR: an automated system for detecting network intrusion and misuse
Computers and Security
The base-rate fallacy and the difficulty of intrusion detection
ACM Transactions on Information and System Security (TISSEC)
Pattern Recognition and Neural Networks
Pattern Recognition and Neural Networks
Anomaly Detection over Noisy Data using Learned Probability Distributions
ICML '00 Proceedings of the Seventeenth International Conference on Machine Learning
The 1998 Lincoln Laboratory IDS Evaluation
RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
A sense of self for Unix processes
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Network intrusion detection using genetic algorithm to find best DNA signature
WSEAS TRANSACTIONS on SYSTEMS
An evaluation of connection characteristics for separating network attacks
International Journal of Security and Networks
Network anomaly detection based on wavelet analysis
EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
Hi-index | 0.00 |
In this paper, we propose a new unsupervised anomaly detection framework for detecting network intrusions online. The framework consists of new anomalousness metrics named IP Weight and an outlier detection algorithm based on Gaussian mixture model (GMM). IP Weights convert the features of IP packets into a four-dimensional numerical feature space, in which the outlier detection takes place. Intrusion decisions are made based on the outcome of outlier detections. Two sets of experiments are conducted to evaluate our framework. In the first experiment, we conduct an offline evaluation based on the 1998 DARPA intrusion detection dataset, which detects 16 types of attacks out of a total of 19 network attack types. In the second experiment, an online evaluation is performed in a live networking environment. The evaluation result not only confirms the detection effectiveness with DARPA dataset, but also shows a strong runtime efficiency, with response times falling within seconds.