The base-rate fallacy and its implications for the difficulty of intrusion detection
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
A framework for constructing features and models for intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Evaluation of Intrusion Detectors: A Decision Theory Approach
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Measuring intrusion detection capability: an information-theoretic approach
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
A Framework for the Evaluation of Intrusion Detection Systems
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Network anomaly detection based on TCM-KNN algorithm
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Sensitivity of PCA for traffic anomaly detection
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
An adaptive automatically tuning intrusion detection system
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Panacea: Automating Attack Classification for Anomaly-Based Network Intrusion Detection Systems
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Runtime Monitoring and Dynamic Reconfiguration for Intrusion Detection Systems
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
An automatic and dynamic parameter tuning of a statistic-based anomaly detection algorithm
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
A Hough-transform-based anomaly detector with an adaptive time interval
Proceedings of the 2011 ACM Symposium on Applied Computing
An analysis of signature overlaps in Intrusion Detection Systems
DSN '11 Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems&Networks
Modeling and evaluating targeted attacks in large scale dynamic systems
DSN '11 Proceedings of the 2011 IEEE/IFIP 41st International Conference on Dependable Systems&Networks
A model-based approach to self-protection in computing system
Proceedings of the 2013 ACM Cloud and Autonomic Computing Conference
| Hi-index | 0.00 |
Parameter tuning in network anomaly detection systems is typically accomplished off-line and in an ad-hoc fashion. For operational deployment in a variety of conditions, it is important but challenging for a system to adaptively tune itself meeting performance goals and constraints. We propose and develop a self-tuning self-optimizing approach for automated network anomaly detection systems. Operators set performance expectations and priorities on a collection of metrics. A controller based on reinforcement learning and neural networks automatically performs control actions to meet expectations according to defined priorities. Tuning is accomplished without requiring direct operator access to system parameters. We examine the approach on AGHSOM anomaly detection system. We validate its effectiveness using a dataset consisting of both live trace and simulated network events. Experimental results show that the approach can self-calibrate its control parameters to meet operator performance requirements. It can self-optimize itself by maximizing individual performance metrics subject to the operator defined constraints. This work is a significant step towards building automated anomaly detection systems.