Anomaly detection methods in wired networks: a survey and taxonomy

Tapiador, Juan E.; García-Teodoro, Pedro; Díaz-Verdejo, Jesús E.

doi:10.1016/j.comcom.2004.07.002

Cited by 131 publications

(47 citation statements)

References 30 publications

(40 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In surveys such as [24,25], authors discuss anomaly detection in general and cover the network intrusion detection domain only briefly. In several review papers [26][27][28][29][30][31][32] various network anomaly detection methods have been summarized. From aforementioned surveys one can find that the most effective methods of network anomaly detection are Principle Component Analysis [33][34][35], Wavelet analysis [36][37][38], Markovian models [39,40], Clustering [41][42][43], Histograms [44,45], Sketches [46,47], and Entropies [8,15,48].…”

Section: General Overview Of Network Anomaly Techniquesmentioning

confidence: 99%

An Entropy-Based Network Anomaly Detection Method

Bereziński

Jasiul

Szpyrka

2015

Entropy

157

View full text Add to dashboard Cite

Data mining is an interdisciplinary subfield of computer science involving methods at the intersection of artificial intelligence, machine learning and statistics. One of the data mining tasks is anomaly detection which is the analysis of large quantities of data to identify items, events or observations which do not conform to an expected pattern. Anomaly detection is applicable in a variety of domains, e.g., fraud detection, fault detection, system health monitoring but this article focuses on application of anomaly detection in the field of network intrusion detection.The main goal of the article is to prove that an entropy-based approach is suitable to detect modern botnet-like malware based on anomalous patterns in network. This aim is achieved by realization of the following points: (i) preparation of a concept of original entropy-based network anomaly detection method, (ii) implementation of the method, (iii) preparation of original dataset, (iv) evaluation of the method.

show abstract

Section: General Overview Of Network Anomaly Techniquesmentioning

confidence: 99%

An Entropy-Based Network Anomaly Detection Method

Bereziński

Jasiul

Szpyrka

2015

Entropy

157

View full text Add to dashboard Cite

show abstract

“…In detection mode, each sample that does not fit the model is labelled as anomalous. This notion has been thoroughly explored over the last two decades and applied to multiple domains in the security arena [4,12,15].…”

Section: Anomaly Detection In Smart Devicesmentioning

confidence: 99%

Power-aware anomaly detection in smartphones: An analysis of on-platform versus externalized operation

Suárez-Tangil

Tapiador

Peris-López

et al. 2015

Pervasive and Mobile Computing

View full text Add to dashboard Cite

Many security problems in smartphones and other smart devices are approached from an anomaly detection perspective in which the main goal reduces to identifying anomalous activity patterns. Since machine learning algorithms are generally used to build such detectors, one major challenge is adapting these techniques to battery-powered devices. Many recent works simply assume that on-platform detection is prohibitive and suggest using offloaded (i.e., cloud-based) engines. Such a strategy seeks to save battery life by exchanging computation and communication costs, but it still remains unclear whether this is optimal or not in all circumstances. In this paper, we evaluate different strategies for offloading certain functional tasks in machine learning based detection systems. Our experimental results confirm the intuition that outsourced computation is clearly the best option in terms of power consumption, outweighing on-platform strategies in, essentially, all practical scenarios. Our findings also point out noticeable differences among different machine learning algorithms, and we provide separate consumption models for functional blocks (data preprocessing, training, test, and communications) that can be used to obtain power consumption estimates and compare detectors.

show abstract

“…Additionally, 'anomaly IPS/IDS systems rely on the subjacent concept of 'normality' within the core or edges of the network. 'Normality' is defined using a relational model of the dynamic variables affecting the network state and an event is defined as anomalous, if the variation of its characteristics from the 'normal' network behaviour is too large, for network-unique preset limits, [12]. Setting these limits and defining 'normal' behaviour is so difficult and complex, often leading to many false positives for a stringent security paradigm.…”

Section: Problems With Modern Ids/ips Systemsmentioning

confidence: 99%

Network Attack Analysis and the Behaviour Engine

Benham

Read

Sutherland

2013

Int. J. Com. Net. Tech.

View full text Add to dashboard Cite

Behaviour Engines allow the acquisition of tacit knowledge by using a learn-by-doing workflow and provide a direct interface between the expert user and the developing project code based on an intuitive justification-conclusion language; thus surpassing legacy policy engines by being a self developing and learning mechanism. This paper seeks to formulate the current state of the art in technology and processes and attempts to merge the application of ontological decision techniques of behaviour engines with network packet capture data, to detect data exfiltration attempts over covert channelling. The final goal of the research will be to develop a behaviour engine/intrusion detection solution for pre-emptive counter-measures to anomalous behaviour from within or without a network.speed.

show abstract

Anomaly detection methods in wired networks: a survey and taxonomy

Cited by 131 publications

References 30 publications

An Entropy-Based Network Anomaly Detection Method

An Entropy-Based Network Anomaly Detection Method

Power-aware anomaly detection in smartphones: An analysis of on-platform versus externalized operation

Network Attack Analysis and the Behaviour Engine

Contact Info

Product

Resources

About