Computer Networks: The International Journal of Computer and Telecommunications Networking
As advances in networking technology help to connect the distant corners of the globe and as the Internet continues to expand its influence as a medium for communications and commerce, the threat from spammers, attackers and criminal enterprises has also grown accordingly. It is the prevalence of such threats that has made intrusion detection systems (the cyberspace's equivalent to the burglar alarm) join ranks with firewalls as one of the fundamental technologies for network security. However, today's commercially available intrusion detection systems are predominantly signature-based intrusion detection systems that are designed to detect known attacks by utilizing the signatures of those attacks. Such systems require frequent rule-base updates and signature updates, and are not capable of detecting unknown attacks. In contrast, anomaly detection systems, a subset of intrusion detection systems, model the normal system/network behavior, which enables them to be extremely effective in finding and foiling both known and unknown or "zero day" attacks. While anomaly detection systems are attractive conceptually, a host of technological problems need to be overcome before they can be widely adopted. These problems include high false alarm rate, failure to scale to gigabit speeds, etc. In this paper, we provide a comprehensive survey of anomaly detection systems and hybrid intrusion detection systems of the recent past and present. We also discuss recent technological trends in anomaly detection and identify open problems and challenges in this area.