An adaptive automatically tuning intrusion detection system

Yu, Zhenwei; Tsai, Jeffrey J. P.; Weigert, Thomas

doi:10.1145/1380422.1380425

Cited by 54 publications

(25 citation statements)

References 15 publications

(34 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These mechanisms are the IDSs [2], a security layer (HW or SW), designed to detect ongoing intrusive activities in computer systems and networks [28]. In the context of CCSs, IDSs are designed to monitor network or system activities for suspicious activities and produce reports to a management station.…”

Section: Requirements For Protection Solutions Deployed Within Criticmentioning

confidence: 99%

A three-stage analysis of IDS for critical infrastructures

Cazorla

Alcaraz

López

2015

Computers & Security

View full text Add to dashboard Cite

Section: Requirements For Protection Solutions Deployed Within Criticmentioning

confidence: 99%

A three-stage analysis of IDS for critical infrastructures

Cazorla

Alcaraz

López

2015

Computers & Security

View full text Add to dashboard Cite

“…Yu et al [38] proposed an adaptive tuning IDS that can be tuned based on the detection performance. The detection model is represented by sets of rules and tuning amounts to adjusting confidence values associated with each rule.…”

Section: Adaptive and Online Anomaly Intrusion Detectionmentioning

confidence: 99%

Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks

Wang

Guyet

Quiniou

et al. 2014

Knowledge-Based Systems

View full text Add to dashboard Cite

In this work, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-managing: self-labeling, self-updating and self-adapting. Our framework employs the Affinity Propagation (AP) algorithm to learn a subject's behaviors through dynamical clustering of the streaming data. It automatically labels the data and adapts to normal behavior changes while identifies anomalies. Two large real HTTP traffic streams collected in our institute as well as a set of benchmark KDD'99 data are used to validate the framework and the method. The test results show that the autonomic model achieves better results in terms of effectiveness and efficiency compared to adaptive Sequential Karhunen-Loeve method and static AP as well as three other static anomaly detection methods, namely k-NN, PCA and SVM.

show abstract

“…Intrusion Detection Systems [16] have a very important role in the Grid Security Management. For the execution of large scale application or in service grid there is clearly need to detect the known or unknown intrusion and any other kind of dangerous events.…”

Section: Introductionmentioning

confidence: 99%