Sciweavers

DSN
2000
IEEE

Benchmarking Anomaly-Based Detection Systems

14 years 3 months ago
Benchmarking Anomaly-Based Detection Systems
Anomaly detection is a key element of intrusiondetection and other detection systems in which perturbations of normal behavior suggest the presence of intentionally or unintentionally induced attacks, faults, defects, etc. Because most anomaly detectors are based on probabilistic algorithms that exploit the intrinsic structure, or regularity, embedded in data logs, a fundamental question is whether or not such structure influences detection performance. If detector performance is indeed a function of environmental regularity, it would be critical to match detectors to environmental characteristics. In intrusion-detection settings, however, this is not done, possibly because such characteristics are not easily ascertained. This paper introduces a metric for characterizing structure in data environments, and tests the hypothesis that intrinsic structure influences probabilistic detection. In a series of experiments, an anomaly-detection algorithm was applied to a benchmark suite of 165 ...
Roy A. Maxion, Kymie M. C. Tan
Added 30 Jul 2010
Updated 30 Jul 2010
Type Conference
Year 2000
Where DSN
Authors Roy A. Maxion, Kymie M. C. Tan
Comments (0)