Consensus extraction from heterogeneous detectors to improve performance over network traffic anomaly detection

Proceedings - IEEE INFOCOM

Volumn , Issue , 2011, Pages 181-185

  Gao, Jing ^a   Fan, Wei ^b   Turaga, Deepak ^b   Verscheure, Olivier ^b   Meng, Xiaoqiao ^b   Su, Lu ^a   Han, Jiawei ^a  

^a UNIVERSITY OF ILLINOIS AT URBANA CHAMPAIGN   (United States)

^b IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANOMALOUS EVENTS; ANOMALY DETECTION; ANOMALY DETECTOR; BAYESIAN MODEL AVERAGING; DATA SETS; DENIAL OF SERVICE ATTACKS; DETRIMENTAL EFFECTS; DISCRIMINATIVE MODELS; FALSE POSITIVE; NEGATIVE RATES; NETWORK ANOMALY DETECTION; NETWORK OPERATOR; NETWORK TRAFFIC; NON-TRIVIAL; PORT SCANS; TRAFFIC DATA; TRAFFIC RECORDS; WEIGHTED VOTING;

ALGORITHMS; ATOMS; BAYESIAN NETWORKS; MATHEMATICAL OPERATORS;

DETECTORS;

EID: 79960863336     PISSN: 0743166X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/INFCOM.2011.5934982     Document Type: Conference Paper

References (21)

1. V. Chandola, A. Banerjee, and V. Kumar, "Anomaly detection: A survey," University of Minnesota, Tech. Rep. 07-017, 2007.
2. G. Gu, A. A. Cárdenas, and W. Lee, "Principled reasoning and practical applications of alert fusion in intrusion detection systems," in Proc. ACM ASIACCS, 2008, pp. 136-147.
3. I. Corona, G. Giacinto, and F. Roli, Intrusion Detection in Computer Systems Using Multiple Classifier Systems. Springer, 2008, pp. 91-113.
4. D. P. Bertsekas, Non-Linear Programming, 2nd ed. Athena Scientific, 1999.
5. G. Seni and F. Elder, Ensemble Methods in Data Mining: Improving Accuracy Through Combining Predictions. Morgan & Claypool, 2010.
6. R. Polikar, "Ensemble based systems in decision making," IEEE Circuits and Systems Magazine, vol. 6, no. 3, pp. 21-45, 2006.
7. M. M. Breunig, H.-P. Kriegel, R. T. Ng, and J. Sander, "Lof: identifying density-based local outliers," in Proc. ACM SIGMOD, 2000, pp. 93-104.
8. R. Pang, M. Allman, V. Paxson, and J. Lee, "The devil and packet trace anonymization," SIGCOMM Computer Communication Review, vol. 36, no. 1, pp. 29-38, 2006.
9. H. Wang, D. Zhang, and K. G. Shin, "Detecting syn flooding attacks," in Proc. IEEE INFOCOM, 2002.
10. A. Soule, K. Salamatian, and N. Taft, "Combining filtering and statistical methods for anomaly detection," in Proc. ACM IMC, 2005, pp. 331-344.
11. A. Lakhina, M. Crovella, and C. Diot, "Mining anomalies using traffic feature distributions," in Proc. ACM SIGCOMM, 2005, pp. 217-228.
12. Y. Gu, A. McCallum, and D. Towsley, "Detecting anomalies in network traffic using maximum entropy estimation," in Proc. ACM IMC, 2005, pp. 345-350.
13. P. Barford, J. Kline, D. Plonka, and A. Ron, "A signal analysis of network traffic anomalies," in Proc. ACM IMW, 2002, pp. 71-82.
14. W. Fan, M. Miller, S. Stolfo, W. Lee, and P. Chan, "Using artificial anomalies to detect unknown and known network intrusions," Knowl. Inf. Syst., vol. 6, pp. 507-527, 2004.
15. B. Sheng, Q. Li, W. Mao, and W. Jin, "Outlier detection in sensor networks," in Proc. Mobihoc, 2007, pp. 219-228.
16. A. Strehl and J. Ghosh, "Cluster ensembles - a knowledge reuse framework for combining multiple partitions," Journal of Machine Learning Research, vol. 3, pp. 583-617, 2003.
17. J. Gao, F. Liang, W. Fan, Y. Sun, and J. Han, "Graph-based consensus maximization among multiple supervised and unsupervised models," in Proc. NIPS, 2009.
18. F. Cuppens and A. Miége, "Alert correlation in a cooperative intrusion detection framework," in Proc. IEEE S & P, 2002, pp. 202-215.
19. H. Debar and A. Wespi, "Aggregation and correlation of intrusion-detection alerts," in Proc. RAID, 2001, pp. 85-103.
20. T. Bass, "Intrusion detection systems and multisensor data fusion," Communications of ACM, vol. 43, no. 4, pp. 99-105, 2000.
21. T. Dietterich, "Ensemble methods in machine learning," in Proc. Int. Workshop Multiple Classifier Systems, 2000, pp. 1-15.