Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks

Handle URI:
http://hdl.handle.net/10754/556654
Title:
Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks
Authors:
Wang, Wei; Guyet, Thomas; Quiniou, René; Cordier, Marie-Odile; Masseglia, Florent; Zhang, Xiangliang (0000-0002-3574-5665)
Abstract:
In this work, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-management: self-labeling, self-updating and self-adapting. Our framework employs the Affinity Propagation (AP) algorithm to learn a subject's behaviors through dynamic clustering of the streaming data. It automatically labels the data and adapts to changes in normal behavior while identifying anomalies. Two large real HTTP traffic streams collected in our institute, as well as a set of benchmark KDD'99 data, are used to validate the framework and the method. The test results show that the autonomic model achieves better results in terms of effectiveness and efficiency compared to the adaptive Sequential Karhunen–Loeve method and static AP, as well as three other static anomaly detection methods, namely k-NN, PCA and SVM.
KAUST Department:
Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division
Citation:
Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks 2014, 70:103 Knowledge-Based Systems
Journal:
Knowledge-Based Systems
Issue Date:
22-Jun-2014
DOI:
10.1016/j.knosys.2014.06.018
Type:
Article
ISSN:
09507051
Additional Links:
http://linkinghub.elsevier.com/retrieve/pii/S0950705114002391
Appears in Collections:
Articles; Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division

Full metadata record

DC Field | Value | Language
dc.contributor.author | Wang, Wei | en
dc.contributor.author | Guyet, Thomas | en
dc.contributor.author | Quiniou, René | en
dc.contributor.author | Cordier, Marie-Odile | en
dc.contributor.author | Masseglia, Florent | en
dc.contributor.author | Zhang, Xiangliang | en
dc.date.accessioned | 2015-06-10T11:41:38Z | en
dc.date.available | 2015-06-10T11:41:38Z | en
dc.date.issued | 2014-06-22 | en
dc.identifier.citation | Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks 2014, 70:103 Knowledge-Based Systems | en
dc.identifier.issn | 09507051 | en
dc.identifier.doi | 10.1016/j.knosys.2014.06.018 | en
dc.identifier.uri | http://hdl.handle.net/10754/556654 | en
dc.description.abstract | In this work, we propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-management: self-labeling, self-updating and self-adapting. Our framework employs the Affinity Propagation (AP) algorithm to learn a subject's behaviors through dynamic clustering of the streaming data. It automatically labels the data and adapts to changes in normal behavior while identifying anomalies. Two large real HTTP traffic streams collected in our institute, as well as a set of benchmark KDD'99 data, are used to validate the framework and the method. The test results show that the autonomic model achieves better results in terms of effectiveness and efficiency compared to the adaptive Sequential Karhunen–Loeve method and static AP, as well as three other static anomaly detection methods, namely k-NN, PCA and SVM. | en
dc.relation.url | http://linkinghub.elsevier.com/retrieve/pii/S0950705114002391 | en
dc.rights | NOTICE: this is the author's version of a work that was accepted for publication in Knowledge-Based Systems. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Knowledge-Based Systems, 22 June 2014. DOI: 10.1016/j.knosys.2014.06.018 | en
dc.subject | Anomaly detection | en
dc.subject | Intrusion detection | en
dc.subject | Adaptive system | en
dc.subject | Network security | en
dc.subject | Web security | en
dc.subject | Autonomic computing | en
dc.subject | Clustering | en
dc.title | Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks | en
dc.type | Article | en
dc.contributor.department | Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division | en
dc.identifier.journal | Knowledge-Based Systems | en
dc.eprint.version | Post-print | en
dc.contributor.institution | School of Computer and Information Technology, Beijing Jiaotong University, China | en
dc.contributor.institution | Research Team DREAM, INRIA Rennes/IRISA, France | en
dc.contributor.institution | Research Team Zenith, INRIA, France | en
kaust.author | Zhang, Xiangliang | en
All Items in KAUST are protected by copyright, with all rights reserved, unless otherwise indicated.