Autonomic Intrusion Detection: Adaptively Detecting Anomalies over Unlabeled Audit Data Streams in Computer Networks - Archive ouverte HAL Access content directly
Journal Articles Knowledge-Based Systems Year : 2014

Autonomic Intrusion Detection: Adaptively Detecting Anomalies over Unlabeled Audit Data Streams in Computer Networks

(1) , (2, 3) , (2) , (2) , (4) , (5)
1
2
3
4
5

Abstract

In this work, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-managing: self-labeling, self-updating and self-adapting. Our framework employs the Affinity Propagation (AP) algorithm to learn a subject's behaviors through dynamical clustering of the streaming data. It automatically labels the data and adapts to normal behavior changes while identifies anomalies. Two large real HTTP traffic streams collected in our institute as well as a set of benchmark KDD'99 data are used to validate the framework and the method. The test results show that the autonomic model achieves better results in terms of effectiveness and efficiency compared to adaptive Sequential Karhunen-Loeve method and static AP as well as three other static anomaly detection methods, namely k-NN, PCA and SVM.
Fichier principal
Vignette du fichier
KBS-Autonomic%20Intrusion%20Detection.pdf;jsessionid=C9984CEABE3CEA9292468E4760C1D589.pdf (1.98 Mo) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01052810 , version 1 (21-07-2019)

Identifiers

Cite

Wei Wang, Thomas Guyet, René Quiniou, Marie-Odile Cordier, Florent Masseglia, et al.. Autonomic Intrusion Detection: Adaptively Detecting Anomalies over Unlabeled Audit Data Streams in Computer Networks. Knowledge-Based Systems, 2014, 70, pp.103-117. ⟨10.1016/j.knosys.2014.06.018⟩. ⟨hal-01052810⟩
413 View
150 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More