On modal and fuzzy decision logics based on rough set theory
Fundamenta Informaticae
Hiding Intrusions: From the Abnormal to the Normal and Beyond
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
Guarding the next Internet frontier: countering denial of information attacks
Proceedings of the 2002 workshop on New security paradigms
Bootstrapping a data mining intrusion detection system
Proceedings of the 2003 ACM symposium on Applied computing
Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining
Detecting Network Attacks in the Internet via Statistical Network Traffic Normality Prediction
Journal of Network and Systems Management
Combining a bayesian classifier with visualisation: understanding the IDS
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
A new intrusion detection method based on linear prediction
InfoSecu '04 Proceedings of the 3rd international conference on Information security
Profiling internet backbone traffic: behavior models and applications
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Using artificial anomalies to detect unknown and known network intrusions
Knowledge and Information Systems
Measuring intrusion detection capability: an information-theoretic approach
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Behavior-based modeling and its application to Email analysis
ACM Transactions on Internet Technology (TOIT)
Real-time data attack isolation for commercial database applications
Journal of Network and Computer Applications
Factor-analysis based anomaly detection and clustering
Decision Support Systems
Analyzing and evaluating dynamics in stide performance for intrusion detection
Knowledge-Based Systems
NetHost-sensor: Monitoring a target host's application via system calls
Information Security Tech. Report
On Inferring Application Protocol Behaviors in Encrypted Network Traffic
The Journal of Machine Learning Research
An information-theoretic approach to network monitoring and measurement
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Detecting anomalies in network traffic using maximum entropy estimation
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Computer Networks: The International Journal of Computer and Telecommunications Networking
A hybrid machine learning approach to network anomaly detection
Information Sciences: an International Journal
Network anomaly detection with incomplete audit data
Computer Networks: The International Journal of Computer and Telecommunications Networking
Processing of massive audit data streams for real-time anomaly intrusion detection
Computer Communications
Using information gain to improve multi-modal information retrieval systems
Information Processing and Management: an International Journal
An adaptive automatically tuning intrusion detection system
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
CURIO: a fast outlier and outlier cluster detection algorithm for large datasets
AIDM '07 Proceedings of the 2nd international workshop on Integrating artificial intelligence and data mining - Volume 84
Backhoe, a Packet Trace and Log Browser
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Streaming Estimation of Information-Theoretic Metrics for Anomaly Detection (Extended Abstract)
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
An empirical evaluation of entropy-based traffic anomaly detection
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
IDS Based on Bio-inspired Models
KES '07 Knowledge-Based Intelligent Information and Engineering Systems and the XVII Italian Workshop on Neural Networks on Proceedings of the 11th International Conference
Predicting intrusion goal using dynamic Bayesian network with transfer probability estimation
Journal of Network and Computer Applications
An architecture of unknown attack detection system against zero-day worm
ACS'08 Proceedings of the 8th conference on Applied computer science
Internet traffic behavior profiling for network security monitoring
IEEE/ACM Transactions on Networking (TON)
ACM Computing Surveys (CSUR)
A New Data-Mining Based Approach for Network Intrusion Detection
CNSR '09 Proceedings of the 2009 Seventh Annual Communication Networks and Services Research Conference
Spatio-temporal network anomaly detection by assessing deviations of empirical measures
IEEE/ACM Transactions on Networking (TON)
Entropy based adaptive flow aggregation
IEEE/ACM Transactions on Networking (TON)
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Constructing attribute weights from computer audit data for effective intrusion detection
Journal of Systems and Software
On achieving good operating points on an ROC plane using stochastic anomaly score prediction
Proceedings of the 16th ACM conference on Computer and communications security
SMS-Watchdog: Profiling Social Behaviors of SMS Users for Anomaly Detection
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Effective discovery of attacks using entropy of packet dynamics
IEEE Network: The Magazine of Global Internetworking
Is early warning of an imminent worm epidemic possible?
IEEE Network: The Magazine of Global Internetworking
Intrusion detection at packet level by unsupervised architectures
IDEAL'07 Proceedings of the 8th international conference on Intelligent data engineering and automated learning
Fraud detection in process aware systems
Companion Proceedings of the XIV Brazilian Symposium on Multimedia and the Web
A distribution-based approach to anomaly detection and application to 3G mobile traffic
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Combining hidden Markov models for improved anomaly detection
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Distribution-based anomaly detection in 3G mobile networks: from theory to practice
International Journal of Network Management
k-zero day safety: measuring the security risk of networks against unknown attacks
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Understanding and evaluating the impact of sampling on anomaly detection techniques
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Network intrusion detection based on system calls and data mining
Frontiers of Computer Science in China
Dynamic feature analysis and measurement for large-scale network traffic monitoring
IEEE Transactions on Information Forensics and Security
Atypicity detection in data streams: A self-adjusting approach
Intelligent Data Analysis - Ubiquitous Knowledge Discovery
Fusing intrusion data for detection and containment
MILCOM'03 Proceedings of the 2003 IEEE conference on Military communications - Volume II
Exploring discrepancies in findings obtained with the KDD Cup '99 data set
Intelligent Data Analysis
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
Monitoring abnormal network traffic based on blind source separation approach
Journal of Network and Computer Applications
Context change detection for resource allocation in service-oriented systems
KES'11 Proceedings of the 15th international conference on Knowledge-based and intelligent information and engineering systems - Volume Part II
On detecting abrupt changes in network entropy time series
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
Wiki-Watchdog: Anomaly Detection in Wikipedia Through a Distributional Lens
WI-IAT '11 Proceedings of the 2011 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology - Volume 01
An efficient parzen-window based network intrusion detector using a pattern synthesis technique
PReMI'05 Proceedings of the First international conference on Pattern Recognition and Machine Intelligence
A novel anomaly detection using small training sets
IDEAL'05 Proceedings of the 6th international conference on Intelligent Data Engineering and Automated Learning
SVM approach with a genetic algorithm for network intrusion detection
ISCIS'05 Proceedings of the 20th international conference on Computer and Information Sciences
An immunity-based intrusion detection solution for database systems
WAIM'05 Proceedings of the 6th international conference on Advances in Web-Age Information Management
CISC'05 Proceedings of the First SKLOIS conference on Information Security and Cryptology
Network intrusion detection using statistical probability distribution
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part II
"Andromaly": a behavioral malware detection framework for android devices
Journal of Intelligent Information Systems
A probabilistic method for detecting anomalous program behavior
WISA'04 Proceedings of the 5th international conference on Information Security Applications
Service discrimination and audit file reduction for effective intrusion detection
WISA'04 Proceedings of the 5th international conference on Information Security Applications
A brief observation-centric analysis on anomaly-based intrusion detection
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Detection of illegal information flow
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Towards an information-theoretic framework for analyzing intrusion detection systems
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
A dead-lock free self-healing algorithm for distributed transactional processes
ICISS'06 Proceedings of the Second international conference on Information Systems Security
NORT: runtime anomaly-based monitoring of malicious behavior for windows
RV'11 Proceedings of the Second international conference on Runtime verification
The Journal of Supercomputing
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues
Information Sciences: an International Journal
Detection of HTTP-GET attack with clustering and information theoretic measurements
FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
A close look on n-grams in intrusion detection: anomaly detection vs. classification
Proceedings of the 2013 ACM workshop on Artificial intelligence and security
Cross-domain privacy-preserving cooperative firewall optimization
IEEE/ACM Transactions on Networking (TON)
An information-theoretical approach to high-speed flow nature identification
IEEE/ACM Transactions on Networking (TON)
Causal inference with rare events in large-scale time-series data
IJCAI'13 Proceedings of the Twenty-Third international joint conference on Artificial Intelligence
Computer Networks: The International Journal of Computer and Telecommunications Networking
Abstract: Anomaly detection is an essential component of the protection mechanisms against novel attacks. In this paper, we propose to use several information-theoretic measures, namely, entropy, conditional entropy, relative conditional entropy, information gain, and information cost for anomaly detection. These measures can be used to describe the characteristics of an audit data set, suggest the appropriate anomaly detection model(s) to be built, and explain the performance of the model(s). We use case studies on Unix system call data, BSM data, and network tcpdump data to illustrate the utilities of these measures.