Article

Using Artificial Anomalies to Detect Unknown and Known Network Intrusions

Authors:

Wei Fan,

Matthew Miller,

Salvatore J. Stolfo,

Wenke Lee,

Philip K. ChanAuthors Info & Claims

ICDM '01: Proceedings of the 2001 IEEE International Conference on Data Mining

Pages 123 - 130

Published: 29 November 2001 Publication History

Publisher Site

Abstract

Intrusion detection systems (IDSs) must be capable of detecting new and unknown attacks, or anomalies. We study the problem of building detection models for both pure anomaly detection and combined misuse and anomaly detection (i.e., detection of both known and unknown intrusions). We propose an algorithm to generate artificial anomalies to coerce the inductive learner into discovering an accurate boundary between known classes (normal connections and known intrusions) and anomalies.Empirical studies show that our pure anomaly detection model trained using nor al and artificial anomalies is capable of detecting ore than 77%of all unknown intrusion classes with more than 50%accuracy per intrusion class. The combined misuse and anomaly detection models are as accurate as a pure misuse detection model in detecting known intrusions and are capable of detecting at least 50%of unknown intrusion classes with accuracy measurements between 75% and 100%per class.

Cited By

View all

Menon AWilliamson R(2018)A loss framework for calibrated anomaly detectionProceedings of the 32nd International Conference on Neural Information Processing Systems10.5555/3326943.3327080(1494-1504)Online publication date: 3-Dec-2018
https://dl.acm.org/doi/10.5555/3326943.3327080
Ugarte WBoizumault PCrmilleux BLepailleur ALoudni SPlantevit MRassi CSoulet A(2017)Skypattern miningArtificial Intelligence10.1016/j.artint.2015.04.003244:C(48-69)Online publication date: 1-Mar-2017
https://dl.acm.org/doi/10.1016/j.artint.2015.04.003
Nguyen DCios K(2015)Rule-based OneClass-DS learning algorithmApplied Soft Computing10.1016/j.asoc.2015.05.04335:C(267-279)Online publication date: 1-Oct-2015
https://dl.acm.org/doi/10.1016/j.asoc.2015.05.043
Show More Cited By

Index Terms

Using Artificial Anomalies to Detect Unknown and Known Network Intrusions
1. Computing methodologies
  1. Machine learning
2. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation

Index terms have been assigned to the content through auto-classification.

Recommendations

Using artificial anomalies to detect unknown and known network intrusions

Intrusion detection systems (IDSs) must be capable of detecting new and unknown attacks, or anomalies. We study the problem of building detection models for both pure anomaly detection and combined misuse and anomaly detection (i.e., detection of both ...
Defending Distributed Systems Against Malicious Intrusions and Network Anomalies
IPDPS '05: Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 18

Network security breaches hinder the application of distributed computing systems manifested as the Grids, clusters, intranets, extranets, or P2P systems. A new integrated approach is presented for building future, network-based intrusion detection ...
Algorithms to detect stepping-stone intrusions in the presence of evasion techniques

Comments

Information & Contributors

Information

Published In

ICDM '01: Proceedings of the 2001 IEEE International Conference on Data Mining

November 2001

663 pages

ISBN:0769511198

Publisher

IEEE Computer Society

United States

Publication History

Published: 29 November 2001

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Menon AWilliamson R(2018)A loss framework for calibrated anomaly detectionProceedings of the 32nd International Conference on Neural Information Processing Systems10.5555/3326943.3327080(1494-1504)Online publication date: 3-Dec-2018
https://dl.acm.org/doi/10.5555/3326943.3327080
Ugarte WBoizumault PCrmilleux BLepailleur ALoudni SPlantevit MRassi CSoulet A(2017)Skypattern miningArtificial Intelligence10.1016/j.artint.2015.04.003244:C(48-69)Online publication date: 1-Mar-2017
https://dl.acm.org/doi/10.1016/j.artint.2015.04.003
Nguyen DCios K(2015)Rule-based OneClass-DS learning algorithmApplied Soft Computing10.1016/j.asoc.2015.05.04335:C(267-279)Online publication date: 1-Oct-2015
https://dl.acm.org/doi/10.1016/j.asoc.2015.05.043
Pham TNguyen QNguyen XGiang NThang HKhalil ISon NDeville YBui M(2014)Generating artificial attack data for intrusion detection using machine learningProceedings of the 5th Symposium on Information and Communication Technology10.1145/2676585.2676618(286-291)Online publication date: 4-Dec-2014
https://dl.acm.org/doi/10.1145/2676585.2676618
Devasena CHemalatha MGopalan KThampi S(2012)Object detection in video using Lorenz information measure and discrete wavelet transformProceedings of the International Conference on Advances in Computing, Communications and Informatics10.1145/2345396.2345430(200-206)Online publication date: 3-Aug-2012
https://dl.acm.org/doi/10.1145/2345396.2345430
Abadeh MMohamadi HHabibi J(2011)Design and analysis of genetic fuzzy systems for intrusion detection in computer networksExpert Systems with Applications: An International Journal10.1016/j.eswa.2010.12.00638:6(7067-7075)Online publication date: 1-Jun-2011
https://dl.acm.org/doi/10.1016/j.eswa.2010.12.006
Chandola VBanerjee AKumar V(2009)Anomaly detectionACM Computing Surveys10.1145/1541880.154188241:3(1-58)Online publication date: 30-Jul-2009
https://dl.acm.org/doi/10.1145/1541880.1541882
Hwang KCai MChen YQin M(2007)Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet EpisodesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2007.94:1(41-55)Online publication date: 1-Jan-2007
https://dl.acm.org/doi/10.1109/TDSC.2007.9
Feng YZhong JXiong ZYe CWu K(2007)Network Anomaly Detection Based on DSOM and ACO ClusteringProceedings of the 4th international symposium on Neural Networks: Part II--Advances in Neural Networks10.1007/978-3-540-72393-6_113(947-955)Online publication date: 3-Jun-2007
https://dl.acm.org/doi/10.1007/978-3-540-72393-6_113
Wu MJermaine CEliassi-Rad TUngar LCraven MGunopulos D(2006)Outlier detection by sampling with accuracy guaranteesProceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining10.1145/1150402.1150501(767-772)Online publication date: 20-Aug-2006
https://dl.acm.org/doi/10.1145/1150402.1150501
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations