The anomaly-detection problem can be formulated as one of learning to characterize the behaviors of an individual, system, or network in terms of temporal sequences of discrete data. We present an approach based on instance-based learning (IBL) techniques. To cast the anomaly-detection task in an IBL framework, we employ an approach that transforms temporal sequences of discrete, unordered observations into a metric space via a similarity measure that encodes intra-attribute dependencies. Classification boundaries are selected from an a posteriori characterization of valid user behaviors, coupled with a domain heuristic. An empirical evaluation of the approach on user command data demonstrates that we can accurately differentiate the profiled user from alternative users when the available features encode sufficient information. Furthermore, we demonstrate that the system detects anomalous conditions quickly, an important quality for reducing potential damage by a malicious user. We present several techniques for reducing data storage requirements of the user profile, including instance-selection methods and clustering. An empirical evaluation shows that a new greedy clustering algorithm reduces the size of the user model by 70%, with only a small loss in accuracy.
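The pipeline the abstract describes (command windows compared by a similarity measure, nearest-instance scoring, a boundary set from valid behavior only) can be sketched as follows. This is an added example, not code from the paper: the abstract gives no formula, so the run-weighted similarity, the window length of 4, the 90% acceptance rule and every function name are assumptions, and the command streams are constructed sample data.

```python
# Added illustration; the similarity formula, window length and threshold
# rule are assumptions, and all command streams are constructed sample data.
WINDOW = 4

def windows(tokens, length=WINDOW):
    """Every overlapping fixed-length subsequence of a command stream."""
    return [tuple(tokens[i:i + length]) for i in range(len(tokens) - length + 1)]

def similarity(a, b):
    """Position-wise match count in which a run of k adjacent matches
    contributes 1 + 2 + ... + k, so contiguous agreement outweighs
    scattered agreement."""
    total = run = 0
    for x, y in zip(a, b):
        run = run + 1 if x == y else 0
        total += run
    return total

def score(window, profile):
    """Similarity to the nearest stored instance (1-nearest-neighbour)."""
    return max(similarity(window, p) for p in profile)

def fit_threshold(profile, valid_tokens, accept_rate=0.9):
    """Lowest score that still accepts accept_rate of the user's own
    held-out windows: a boundary set from valid behaviour only."""
    scores = sorted((score(w, profile) for w in windows(valid_tokens)), reverse=True)
    return scores[max(1, int(accept_rate * len(scores))) - 1]

def accepted_fraction(tokens, profile, threshold):
    """Share of windows in a stream classified as the profiled user."""
    ws = windows(tokens)
    return sum(score(w, profile) >= threshold for w in ws) / len(ws)

# Constructed sample data: two streams from the profiled user, one from another.
TRAIN = "cd ls vi make ./a.out cd ls vi make gdb ls vi make ./a.out".split()
VALID = "cd ls vi make gdb ls vi make ./a.out cd ls more vi make".split()
OTHER = "latex xdvi mail ls latex bibtex mail ls vi lpr".split()

PROFILE = set(windows(TRAIN))
THRESHOLD = fit_threshold(PROFILE, VALID)

if __name__ == "__main__":
    print("threshold:", THRESHOLD)
    print("profiled user accepted:", accepted_fraction(VALID, PROFILE, THRESHOLD))
    print("other user accepted:", accepted_fraction(OTHER, PROFILE, THRESHOLD))
```

The other user's stream shares individual commands (`ls`, `vi`) with the profile but never a run of three in the same positions, so every one of its windows falls below the fitted threshold.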