Adaptive anomaly detection with evolving connectionist systems

Authors:
Yihua Liao;V. Rao Vemuri;Alejandro Pasos
Affiliations:
Department of Computer Science, University of California at Davis, Davis, CA;Department of Computer Science, University of California at Davis, Davis, CA and Department of Applied Science, University of California at Davis, Davis, CA;Department of Applied Science, University of California at Davis, Davis, CA
Venue:
Journal of Network and Computer Applications - Special issue: Network and information security: A computational intelligence approach
Year:
2007

Citing 19
Cited 9

Fuzzy ART: Fast stable learning and categorization of analog patterns by an adaptive resonance system

Neural Networks
The nature of statistical learning theory

The nature of statistical learning theory
Neuro-fuzzy and soft computing: a computational approach to learning and machine intelligence

Neuro-fuzzy and soft computing: a computational approach to learning and machine intelligence
Temporal sequence learning and data reduction for anomaly detection

ACM Transactions on Information and System Security (TISSEC)
A framework for constructing features and models for intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
Pattern Recognition by Self-Organizing Neural Networks

Pattern Recognition by Self-Organizing Neural Networks
Evolving Connectionist Systems: Methods and Applications in Bioinformatics, Brain Study and Intelligent Machines

Evolving Connectionist Systems: Methods and Applications in Bioinformatics, Brain Study and Intelligent Machines
Anomaly Detection over Noisy Data using Learned Probability Distributions

ICML '00 Proceedings of the Seventeenth International Conference on Machine Learning
Masquerade Detection Using Truncated Command Lines

DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
Learning nonstationary models of normal network traffic for detecting novel attacks

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
ADMIT: anomaly-based data mining for intrusions

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
A Neural Network Component for an Intrusion Detection System

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Cost-sensitive, scalable and adaptive learning using ensemble-based methods

Cost-sensitive, scalable and adaptive learning using ensemble-based methods
On-Line Unsupervised Outlier Detection Using Finite Mixtures with Discounting Learning Algorithms

Data Mining and Knowledge Discovery
Estimating the Support of a High-Dimensional Distribution

Neural Computation
A study in using neural networks for anomaly and misuse detection

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
LIBSVM: A library for support vector machines

ACM Transactions on Intelligent Systems and Technology (TIST)
Evolving fuzzy neural networks for supervised/unsupervised onlineknowledge-based learning

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

Investigation of Fuzzy Adaptive Resonance Theory in Network Anomaly Intrusion Detection

ISNN 2009 Proceedings of the 6th International Symposium on Neural Networks: Advances in Neural Networks - Part II
Review: The use of computational intelligence in intrusion detection systems: A review

Applied Soft Computing
A decade of Kasabov's evolving connectionist systems: a review

IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
An ensemble approach for incremental learning in nonstationary environments

MCS'07 Proceedings of the 7th international conference on Multiple classifier systems
Neural network based on adaptive resonance theory with continuous training for multi-configuration transient stability analysis of electric power systems

Applied Soft Computing
Abstracting audit data for lightweight intrusion detection

ICISS'10 Proceedings of the 6th international conference on Information systems security
An N-Gram and STF-IDF model for masquerade detection in a UNIX environment

Journal in Computer Virology
Inference of network anomaly propagation using spatio-temporal correlation

Journal of Network and Computer Applications
kENFIS: kNN-based evolving neuro-fuzzy inference system for computer worms detection

Journal of Intelligent & Fuzzy Systems: Applications in Engineering and Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Anomaly detection holds great potential for detecting previously unknown attacks. In order to be effective in a practical environment, anomaly detection systems have to be capable of online learning and handling concept drift. In this paper, a new adaptive anomaly detection framework, based on the use of unsupervised evolving connectionist systems, is proposed to address these issues. It is designed to adapt to normal behavior changes while still recognizing anomalies. The evolving connectionist systems learn a subject's behavior in an online, adaptive fashion through efficient local element tuning. Experiments with the KDD Cup 1999 network data and the Windows NT user profiling data show that our adaptive anomaly detection systems, based on Fuzzy Adaptive Resonance Theory (ART) and Evolving Fuzzy Neural Networks (EFuNN), can significantly reduce the false alarm rate while the attack detection rate remains high.