Adaptive real-time anomaly detection with incremental clustering
Information Security Tech. Report
ADWICE – anomaly detection with real-time incremental clustering
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
Modern intrusion detection systems comprise three basically different approaches: host-based, network-based, and a relatively recent third addition called procedural-based detection. The first two have been extremely popular in the commercial market for a number of years now because they are relatively simple to use, understand and maintain. However, they fall prey to a number of shortcomings, such as scaling with increased traffic requirements, use of complex and false-positive-prone signature databases, and their inability to detect novel intrusive attempts. Procedural-based intrusion detection systems represent a great leap forward over current security technologies by addressing these and other concerns. This paper presents an overview of our work in creating a true procedural Disallowed Operational Anomaly (DOA) system.