ACM Transactions on Information and System Security (TISSEC)
Anomaly Detection in Embedded Systems
IEEE Transactions on Computers - Special issue on fault-tolerant embedded systems
A Synthetic Fraud Data Generation Methodology
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
An Experimental Study of Security Vulnerabilities Caused by Errors
DSN '01 Proceedings of the 2001 International Conference on Dependable Systems and Networks (formerly: FTCS)
Guarding the next Internet frontier: countering denial of information attacks
Proceedings of the 2002 workshop on New security paradigms
Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining
Continual repair for windows using the event log
Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
Using artificial anomalies to detect unknown and known network intrusions
Knowledge and Information Systems
Measuring intrusion detection capability: an information-theoretic approach
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Investigating hidden Markov models capabilities in anomaly detection
Proceedings of the 43rd annual Southeast regional conference - Volume 1
Challenging the anomaly detection paradigm: a provocative discussion
NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Trace anomalies as precursors of field failures: an empirical study
Empirical Software Engineering
A case study in testing a network security algorithm
Proceedings of the 4th International Conference on Testbeds and research infrastructures for the development of networks & communities
On the Limits of Payload-Oblivious Network Attack Detection
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
A comparison of techniques for on-line incremental learning of HMM parameters in anomaly detection
CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
Combining hidden Markov models for improved anomaly detection
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
An expert system for detecting automobile insurance fraud using social network analysis
Expert Systems with Applications: An International Journal
Two effective methods to detect anomalies in embedded systems
Microelectronics Journal
ICNC'05 Proceedings of the First international conference on Advances in Natural Computation - Volume Part III
Service discrimination and audit file reduction for effective intrusion detection
WISA'04 Proceedings of the 5th international conference on Information Security Applications
On the role of information compaction to intrusion detection
ISSADS'05 Proceedings of the 5th international conference on Advanced Distributed Systems
Self-adaptive and dynamic clustering for online anomaly detection
Expert Systems with Applications: An International Journal
| Hi-index | 0.00 |
Anomaly detection is a key element of intrusion-detection and other detection systems in which perturbations of normal behavior suggest the presence of intentionally or unintentionally induced attacks, faults, defects, etc. Because most anomaly detectors are based on probabilistic algorithms that exploit the intrinsic structure, or regularity, embedded in data logs, a fundamental question is whether such structure influences detection performance. If detector performance were indeed a function of environmental regularity, it would be critical to match detectors to environmental characteristics. In intrusion-detection settings, however, this is not done, possibly because such characteristics are not easily ascertained. This paper introduces a metric for characterizing structure in data environments, and tests the hypothesis that intrinsic structure influences probabilistic detection. In a series of experiments, an anomaly-detection algorithm was applied to a benchmark suite of 165 carefully calibrated, anomaly-injected datasets of varying structure. Results showed performance differences of as much as an order of magnitude, indicating that current approaches to anomaly detection may not be universally dependable.