research-article

A formal framework for positive and negative detection schemes

Authors:

F. Esponda,

S. Forrest,

P. HelmanAuthors Info & Claims

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, Volume 34, Issue 1

Pages 357 - 373

https://doi.org/10.1109/TSMCB.2003.817026

Published: 01 February 2004 Publication History

Abstract

In anomaly detection, the normal behavior of a process is characterized by a model, and deviations from the model are called anomalies. In behavior-based approaches to anomaly detection, the model of normal behavior is constructed from an observed sample of normally occurring patterns. Models of normal behavior can represent either the set of allowed patterns (positive detection) or the set of anomalous patterns (negative detection). A formal framework is given for analyzing the tradeoffs between positive and negative detection schemes in terms of the number of detectors needed to maximize coverage. For realistically sized problems, the universe of possible patterns is too large to represent exactly (in either the positive or negative scheme). Partial matching rules generalize the set of allowable (or unallowable) patterns, and the choice of matching rule affects the tradeoff between positive and negative detection. A new match rule is introduced, called r-chunks, and the generalizations induced by different partial matching rules are characterized in terms of the crossover closure. Permutations of the representation can be used to achieve more precise discrimination between normal and anomalous patterns. Quantitative results are given for the recognition ability of contiguous-bits matching together with permutations.

Cited By

View all

Saurabh PVerma B(2016)An efficient proactive artificial immune system based anomaly detection and prevention systemExpert Systems with Applications: An International Journal10.1016/j.eswa.2016.03.04260:C(311-320)Online publication date: 30-Oct-2016
https://dl.acm.org/doi/10.1016/j.eswa.2016.03.042
Li DLiu SZhang H(2016)A boundary-fixed negative selection algorithm with online adaptive learning under small samples for anomaly detectionEngineering Applications of Artificial Intelligence10.1016/j.engappai.2015.12.01450:C(93-105)Online publication date: 1-Apr-2016
https://dl.acm.org/doi/10.1016/j.engappai.2015.12.014
Li DLiu SZhang H(2015)A negative selection algorithm with online adaptive learning under small samples for anomaly detectionNeurocomputing10.1016/j.neucom.2014.08.022149:PB(515-525)Online publication date: 3-Feb-2015
https://dl.acm.org/doi/10.1016/j.neucom.2014.08.022
Show More Cited By

A formal framework for positive and negative detection schemes
1. Computing methodologies

Recommendations

A Formal Framework for Program Anomaly Detection
RAID 2015: Proceedings of the 18th International Symposium on Research in Attacks, Intrusions, and Defenses - Volume 9404

Program anomaly detection analyzes normal program behaviors and discovers aberrant executions caused by attacks, misconfigurations, program bugs, and unusual usage patterns. The merit of program anomaly detection is its independence from attack ...
Generating positive and negative exact rules using formal concept analysis: problems and solutions
ICFCA'08: Proceedings of the 6th international conference on Formal concept analysis

The objective of this article is to investigate the problem of generating both positive and negative exact association rules when a formal context K of (positive) attributes is provided. A straightforward solution to this problem consists of conducting ...
Neural Correlates of Positive and Negative Emotion Regulation

The ability to cope adaptively with emotional events by volitionally altering one's emotional reactions is important for psychological and physical health as well as social interaction. Cognitive regulation of emotional responses to aversive events ...

Comments

Information & Contributors

Information

Published In

cover image IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics Volume 34, Issue 1

February 2004

813 pages

ISSN:1083-4419

Issue’s Table of Contents

Publisher

IEEE Press

Publication History

Published: 01 February 2004

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

38
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Saurabh PVerma B(2016)An efficient proactive artificial immune system based anomaly detection and prevention systemExpert Systems with Applications: An International Journal10.1016/j.eswa.2016.03.04260:C(311-320)Online publication date: 30-Oct-2016
https://dl.acm.org/doi/10.1016/j.eswa.2016.03.042
Li DLiu SZhang H(2016)A boundary-fixed negative selection algorithm with online adaptive learning under small samples for anomaly detectionEngineering Applications of Artificial Intelligence10.1016/j.engappai.2015.12.01450:C(93-105)Online publication date: 1-Apr-2016
https://dl.acm.org/doi/10.1016/j.engappai.2015.12.014
Li DLiu SZhang H(2015)A negative selection algorithm with online adaptive learning under small samples for anomaly detectionNeurocomputing10.1016/j.neucom.2014.08.022149:PB(515-525)Online publication date: 3-Feb-2015
https://dl.acm.org/doi/10.1016/j.neucom.2014.08.022
(2015)Fault detection, diagnosis and recovery using Artificial Immune SystemsEngineering Applications of Artificial Intelligence10.1016/j.engappai.2015.08.00646:PA(43-57)Online publication date: 1-Nov-2015
https://dl.acm.org/doi/10.1016/j.engappai.2015.08.006
Poggiolini MEngelbrecht A(2013)Application of the feature-detection rule to the Negative Selection AlgorithmExpert Systems with Applications: An International Journal10.1016/j.eswa.2012.12.01640:8(3001-3014)Online publication date: 1-Jun-2013
https://dl.acm.org/doi/10.1016/j.eswa.2012.12.016
Kaluža BKaminka GTambe M(2012)Detection of suspicious behavior from a sparse set of multiagent interactionsProceedings of the 11th International Conference on Autonomous Agents and Multiagent Systems - Volume 210.5555/2343776.2343833(955-964)Online publication date: 4-Jun-2012
https://dl.acm.org/doi/10.5555/2343776.2343833
Fuyong ZDeyu Q(2011)Run-time malware detection based on positive selectionJournal in Computer Virology10.5555/2070671.20706757:4(267-277)Online publication date: 1-Nov-2011
https://dl.acm.org/doi/10.5555/2070671.2070675
Nanda SPanda GMajhi B(2010)Improved identification of Hammerstein plants using new CPSO and IPSO algorithmsExpert Systems with Applications: An International Journal10.1016/j.eswa.2010.03.04337:10(6818-6831)Online publication date: 1-Oct-2010
https://dl.acm.org/doi/10.1016/j.eswa.2010.03.043
Wu SBanzhaf W(2010)ReviewApplied Soft Computing10.1016/j.asoc.2009.06.01910:1(1-35)Online publication date: 1-Jan-2010
https://dl.acm.org/doi/10.1016/j.asoc.2009.06.019
Zheng JChen YZhang W(2010)A Survey of artificial immune applicationsArtificial Intelligence Review10.1007/s10462-010-9159-934:1(19-34)Online publication date: 1-Jun-2010
https://dl.acm.org/doi/10.1007/s10462-010-9159-9
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

A Formal Framework for Program Anomaly Detection

Generating positive and negative exact rules using formal concept analysis: problems and solutions

Neural Correlates of Positive and Negative Emotion Regulation

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations