Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CCS
2009
ACM
2009
ACM
Keep your friends close: the necessity for updating an anomaly sensor with legitimate environment changes
Large-scale distributed systems have dense, complex code-bases that are assumed to perform multiple and inter-dependent tasks while user interaction is present. The way users interact with systems can differ and evolve over time, as can the systems themselves. Consequently, anomaly detection (AD) sensors must be able to cope with updates to their operating environment. Otherwise, the sensor may incorrectly classify new patterns as malicious (a false positive) or assert that old or outdated patterns are normal (a false negative). This problem of “model drift” is an almost universally acknowledged hazard for anomaly sensors. However, relatively little work has been done to understand the process of identifying and seamlessly updating an operational network AD sensor with legal modifications like changes to a file system or back-end database. In this paper, we highlight some of the challenges of keeping an anomaly sensor updated, an important step toward helping anomaly sensors bec...
Real-time Traffic| Added | 19 May 2010 |
| Updated | 19 May 2010 |
| Type | Conference |
| Year | 2009 |
| Where | CCS |
| Authors | Angelos Stavrou, Gabriela F. Cretu-Ciocarlie, Michael E. Locasto, Salvatore J. Stolfo |
Comments (0)
Researcher Info
|
