Title :
A New, Principled Approach to Anomaly Detection
Author :
Ferragut, Erik M. ; Laska, J. ; Bridges, Robert A.
Author_Institution :
Comput. Sci. & Eng. Div., Oak Ridge Nat. Lab., Oak Ridge, WI, USA
Abstract :
Intrusion detection is often described as having two main approaches: signature-based and anomaly-based. We argue that only unsupervised methods are suitable for detecting anomalies. However, there has been a tendency in the literature to conflate the notion of an anomaly with the notion of a malicious event. As a result, the methods used to discover anomalies have typically been ad hoc, making it nearly impossible to systematically compare models or regulate the number of alerts. We propose a new, principled approach to anomaly detection that addresses the main shortcomings of ad hoc approaches. We provide both theoretical and cyber-specific examples to demonstrate the benefits of our more principled approach.
Keywords :
digital signatures; security of data; anomaly detection; anomaly-based intrusion detection; malicious event; principled approach; signature-based intrusion detection; unsupervised methods; Computer security; Context; Gaussian distribution; IP networks; Probabilistic logic; Probability distribution; Vectors; anomaly detection; cyber security; intrusion detection; probabilistic model;
Conference_Title :
Machine Learning and Applications (ICMLA), 2012 11th International Conference on
Conference_Location :
Boca Raton, FL
Print_ISBN :
978-1-4673-4651-1
DOI :
10.1109/ICMLA.2012.151