A Methodological Overview on Anomaly Detection

Callegari, Christian; Coluccia, Angelo; D’Alconzo, Alessandro; Ellens, Wendy; Giordano, Stefano; Mandjes, Michel; Pagano, Michele; Pepe, Teresa; Ricciato, Fabio; Żuraniewski, Piotr

doi:10.1007/978-3-642-36784-7_7

Cited by 25 publications

(16 citation statements)

References 72 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Then the system administrator makes a decision: if the process is allowed, then the relevant information is entered into the user profile and the permission to performing of the operation is given. Otherwise, the process is blocked and the user is notified of it [5].…”

Section: General Intelligent Agent Architecturementioning

confidence: 99%

See 1 more Smart Citation

Adaptive security system based on intelligent agents for distributed computer systems

Mukhin

Kornaga

Steshyn

et al. 2016

2016 International Conference on Development and Application Systems (DAS)

View full text Add to dashboard Cite

In the paper is described a complex adaptive system, which is based on the neural network and on the intelligent agents. This system allows realize an adaptive control for the information security mechanism, it provides timely response to threats and performs the decision making in the real time mode. The developed system allows identify and classify the attacks and to prevent them in order to ensure operation of the fail-safe system and the availability of information resources. The experiments for the data transfer rate analysis in the different observation period on the secured nodes in the distributed computer system are performed.

show abstract

Section: General Intelligent Agent Architecturementioning

confidence: 99%

“…are among the existing methods for DCS security [3,4,5]. They perform analysis of output data and implement algorithms of response to threats.…”

Section: Introductionmentioning

confidence: 99%

Adaptive security system based on intelligent agents for distributed computer systems

Mukhin

Kornaga

Steshyn

et al. 2016

2016 International Conference on Development and Application Systems (DAS)

View full text Add to dashboard Cite

show abstract

“…In the recent years several anomaly-based IDSs have been proposed in the literature, differing in terms of traffic descriptors and decision algorithms, as testified by the several surveys on the topic [3][4] [5]. In general they act on monodimensional time series and, to consider different traffic features, the same basic algorithm is sequentially repeated [6], [7], [8].…”

Section: Related Workmentioning

confidence: 99%

Bivariate Non-parametric Anomaly Detection

Callegari

Giordano

Pagano

2014

2014 IEEE Intl Conf on High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security

Self Cite

View full text Add to dashboard Cite

Detecting anomalous traffic with low false alarm rates is of primary interest in IP networks management.In this paper we propose a novel anomaly detection system, based on a combined use of sketches and of a novel bivariate non-parametric detection method. The latter allows us to simultaneously analyse two different traffic features so as to improve the performance of the "classical" detection systems, in terms of both detection rate and false alarm rate.The preliminary performance analysis, presented in this paper, demonstrates the effectiveness of the proposed system.

show abstract

“…To this aim, the capabilities of the so-called anomalybased IDSs have been deeply investigated, taking into account different traffic descriptors, aggregation levels, and statistical approaches (see, for instance, [1] and references therein). Roughly speaking, a reference model, corresponding to the normal network behaviour (i.e., without attacks) is built, and deviations from this profile are associated to possible attacks.…”

Section: Introductionmentioning

confidence: 99%

Histogram cloning and CuSum: An experimental comparison between different approaches to Anomaly Detection

Callegari¹,

Giordano²,

Pagano³

2015

2015 International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS)

Self Cite

View full text Add to dashboard Cite

Due to the proliferation of new threats from spammers, attackers, and criminal enterprises, Anomaly-based Intrusion Detection Systems have emerged as a key element in network security and different statistical approaches have been considered in the literature. To cope with scalability issues, random aggregation through the use of sketches seems to be a powerful prefiltering stage that can be applied to backbone data traffic. In this paper we compare two different statistical methods to detect the presence of anomalies from such aggregated data. In more detail, histogram cloning (with different distance measurements) and CuSum algorithm (at the bucket level) are tested over A well-known publicly available data set. The performance analysis, presented in this paper, demonstrates the effectiveness of the CuSum when a proper definition of the algorithm, which takes into account the standard deviation of the underlying variables, is chosen.

show abstract

A Methodological Overview on Anomaly Detection

Cited by 25 publications

References 72 publications

Adaptive security system based on intelligent agents for distributed computer systems

Adaptive security system based on intelligent agents for distributed computer systems

Bivariate Non-parametric Anomaly Detection

Histogram cloning and CuSum: An experimental comparison between different approaches to Anomaly Detection

Contact Info

Product

Resources

About