Autonomic Intrusion Detection: Adaptively Detecting Anomalies over Unlabeled Audit Data Streams in Computer Networks

Wei Wang (1), Thomas Guyet (2, 3), René Quiniou (2), Marie-Odile Cordier (2), Florent Masseglia (4), Xiangliang Zhang (5)

  • 2: DREAM - Diagnosing, Recommending Actions and Modelling, Inria Rennes – Bretagne Atlantique, IRISA-D7 - GESTION DES DONNÉES ET DE LA CONNAISSANCE
  • 4: ZENITH - Scientific Data Management, LIRMM - Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier, CRISAM - Inria Sophia Antipolis - Méditerranée
Abstract: In this work, we propose a novel framework of autonomic intrusion detection that performs online, adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework has self-managing potential: self-labeling, self-updating and self-adapting. It employs the Affinity Propagation (AP) algorithm to learn a subject's behaviors through dynamic clustering of the streaming data. It automatically labels the data and adapts to changes in normal behavior while identifying anomalies. Two large real HTTP traffic streams collected at our institute, as well as the KDD'99 benchmark data set, are used to validate the framework and the method. The test results show that the autonomic model achieves better results in terms of effectiveness and efficiency compared to the adaptive Sequential Karhunen-Loeve method and static AP, as well as three other static anomaly detection methods, namely k-NN, PCA and SVM.
Document type:
Journal article
Knowledge-Based Systems, Elsevier, 2014

https://hal.inria.fr/hal-01052810
Contributor: René Quiniou
Submitted on: Monday 28 July 2014 - 18:14:24
Last modified on: Wednesday 2 August 2017 - 10:11:39

Identifiers

  • HAL Id : hal-01052810, version 1

Citation

Wei Wang, Thomas Guyet, René Quiniou, Marie-Odile Cordier, Florent Masseglia, et al. Autonomic Intrusion Detection: Adaptively Detecting Anomalies over Unlabeled Audit Data Streams in Computer Networks. Knowledge-Based Systems, Elsevier, 2014. <hal-01052810>
