The weighted majority algorithm
Information and Computation
Wide area traffic: the failure of Poisson modeling
IEEE/ACM Transactions on Networking (TON)
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Service specific anomaly detection for network intrusion detection
Proceedings of the 2002 ACM symposium on Applied computing
Practical automated detection of stealthy portscans
Journal of Computer Security
Fast Algorithms for Mining Association Rules in Large Databases
VLDB '94 Proceedings of the 20th International Conference on Very Large Data Bases
Anomaly Detection Using Call Stack Information
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Learning Rules for Anomaly Detection of Hostile Network Traffic
ICDM '03 Proceedings of the Third IEEE International Conference on Data Mining
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Anomalous system call detection
ACM Transactions on Information and System Security (TISSEC)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
On gray-box program tracking for anomaly detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
A study in using neural networks for anomaly and misuse detection
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Bro: a system for detecting network intruders in real-time
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
ACM Computing Surveys (CSUR)
Anomaly detection in categorical datasets using bayesian networks
AICI'11 Proceedings of the Third international conference on Artificial intelligence and computational intelligence - Volume Part II
Hi-index | 0.00 |
For intrusion detection, the LERAD algorithm learns a succinct set of comprehensible rules for detecting anomalies, which could be novel attacks. LERAD validates the learned rules on a separate held-out validation set and removes rules that cause false alarms. However, removing rules with possible high coverage can lead to missed detections. We propose to retain these rules and associate weights to them. We present three weighting schemes and our empirical results indicate that, for LERAD, rule weighting can detect more attacks than pruning with minimal computational overhead.