Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks

Knowledge-Based Systems

Volumn 70, Issue , 2014, Pages 103-117

  Wang, Wei ^a   Guyet, Thomas ^b   Quiniou, René ^b   Cordier, Marie Odile ^b   Masseglia, Florent ^c   Zhang, Xiangliang ^d  

^a BEIJING JIAOTONG UNIVERSITY   (China)

^b CAMPUS DE BEAULIEU   (France)

^c INRIA   (France)

^d KING ABDULLAH UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Saudi Arabia)

Author keywords

Adaptive system; Anomaly detection; Autonomic computing; Clustering; Intrusion detection; Network security; Web security

Indexed keywords

ADAPTIVE SYSTEMS; COMPUTER HARDWARE DESCRIPTION LANGUAGES; DATA STREAMS; HTTP; INTRUSION DETECTION; NEAREST NEIGHBOR SEARCH; NETWORK SECURITY;

AFFINITY PROPAGATION; ANOMALY DETECTION METHODS; AUTONOMIC COMPUTING; CLUSTERING; DYNAMICAL CLUSTERING; EFFECTIVENESS AND EFFICIENCIES; KARHUNEN-LOEVE METHOD; WEB SECURITY;

ANOMALY DETECTION;

EID: 84908477169     PISSN: 09507051     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.knosys.2014.06.018     Document Type: Article

References (55)

1. Snort. Snort, 2014. < http://www.snort.org/ > (retrieved February 2014).
2. Wenke Lee, Salvatore J. Stolfo, Kui W. Mok, A data mining framework for building intrusion detection models, in: IEEE S&P, 1999, pp. 120-132.
3. Shobha Venkataraman, David Brumley, Subhabrata Sen, Oliver Spatscheck, Automatically inferring the evolution of malicious activity on the internet, in: NDSS, 2013.
4. Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji, Thomas A. Longstaff, A sense of self for unix processes, in: IEEE S&P, 1996, pp. 120-128.
5. Wei Wang, Xiaohong Guan, Xiangliang Zhang, and Liwei Yang Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data Comput. Secur. 25 7 2006 539 550
6. Daniel Arp, Michael Spreitzenbarth, Malte Hubner, Hugo Gascon, Konrad Rieck, Drebin: efficient and explainable detection of android malware in your pocket, in: NDSS, 2014.
7. Xuetao Wei, Lorenzo Gomez, Iulian Neamtiu, Michalis Faloutsos, Profiledroid: multi-layer profiling of android applications, in: MOBICOM, 2012, pp. 137-148.
8. Gabriela F. Cretu, Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo, Angelos D. Keromytis, Casting out demons: sanitizing training data for anomaly sensors, in: IEEE S&P, 2008, pp. 81-95.
9. Carrie Gates, Carol Taylor, Challenging the anomaly detection paradigm: a provocative discussion, in: NSPW, 2006, pp. 21-29.
10. Terran Lane, Carla E. Brodley, Approaches to online learning and concept drift for user identification in computer security, in: KDD, 1998, pp. 259-263.
11. KDD-Data, Kdd cup 1999 Data, 1999. < http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html > (retrieved February 2014).
12. Irina Rish, Mark Brodie, Sheng Ma, Natalia Odintsova, Alina Beygelzimer, Genady Grabarnik, and Karina Hernandez Adaptive diagnosis in distributed systems IEEE Trans. Neural Networks 16 5 2005 1088 1109
13. IBM, Autonomic Computing, 2014. < http://www.ibm.com/autonomic > (retrieved February 2014).
14. Brendan J. Frey, and Delbert Dueck Clustering by passing messages between data points Science 315 5814 2007 972 976
15. Xiangliang Zhang, Cyril Furtlehner, Michèle Sebag, Data streaming with affinity propagation, in: ECML/PKDD, 2008.
16. S.E. Smaha. Haystack: an intrusion detection system, in: Proceedings of the IEEE Fourth Aerospace Computer Security Applications Conference, 1988.
17. Matthias Schonlau, and Martin Theus Detecting masquerades in intrusion detection based on unpopular commands Inf. Process. Lett. 76 1-2 2000 33 38
18. Xiaohong Guan, Wei Wang, and Xiangliang Zhang Fast intrusion detection based on a non-negative matrix factorization model J. Network Comput. Appl. 32 1 2009 31 44
19. Wei Wang, Xiaohong Guan, and Xiangliang Zhang Processing of massive audit data streams for real-time anomaly intrusion detection Comput. Commun. 31 1 2008 58 72
20. Ke Wang, Salvatore J. Stolfo, Anomalous payload-based network intrusion detection, in: RAID, 2004, pp. 203-222.
21. Xu sheng Gan, Jing shun Duanmu, Jia fu Wang, and Wei Cong Anomaly intrusion detection based on pls feature extraction and core vector machine Knowl.-Based Syst. 40 2013 1 6
22. Christopher Krügel, Giovanni Vigna, Anomaly detection of web-based attacks, in: ACM CCS, 2003, pp. 251-261.
23. Kenneth L. Ingham, Hajime Inoue, Comparing anomaly detection techniques for http, in: RAID, 2007, pp. 42-62.
24. Yingbo Song, Angelos D. Keromytis, Salvatore J. Stolfo, Spectrogram: a mixture-of-markov-chains model for anomaly detection in web traffic, in: NDSS, 2009.
25. Davide Ariu, Roberto Tronci, and Giorgio Giacinto Hmmpayl: an intrusion detection system based on hidden markov models Comput. Secur. 30 4 2011 221 241
26. Sangho Lee, Jong Kim, Warningbird: detecting suspicious urls in twitter stream, in: NDSS, 2012.
27. Abdul Razzaq, Khalid Latif, H. Farooq Ahmad, Ali Hur, Zahid Anwar, and Peter Charles Bloodsworth Semantic security against web application attacks Inf. Sci. 254 1 2014 19 38
28. Gaik-Yee Chan, Chien-Sing Lee, and Swee-Huay Heng Policy-enhanced anfis model to counter soap-related attacks Knowl.-Based Syst. 35 2012 64 76
29. Gaik-Yee Chan, Chien-Sing Lee, and Swee-Huay Heng Discovering fuzzy association rule patterns and increasing sensitivity analysis of xml-related attacks J. Network Comput. Appl. 36 2 2013 829 842
30. Suriadi Suriadi, Douglas Stebila, Andrew J. Clark, Hua Liu, Defending web services against denial of service attacks using client puzzles, in: ICWS, 2011, pp. 25-32.
31. S. Sangeetha, S. Haripriya, S.G. Mohana Priya, V. Vaidehi, N. Srinivasan, Fuzzy rule-base based intrusion detection system on application layer, in: CNSA, 2010, pp. 27-36.
32. Eleazar Eskin, Andrew Arnold, Michael Prerau, Leonid Portnoy, and Sal Stolfo A geometric framework for unsupervised anomaly detection: detecting intrusions in unlabeled data Appl. Data Mining Comput. Secur. 2002
33. L. Portnoy, E. Eskin, S. Stolfo, Intrusion Detection with Unlabeled Data Using Clustering, 2001.
34. Kingsly Leung, Christopher Leckie, Unsupervised anomaly detection in network intrusion detection using clusters, in: Proc. 28th Australasian CS Conf., CRPITV, vol. 38, 2005, pp. 333-342.
35. Gabriela F. Cretu, Angelos Stavrou, Michael E. Locasto, Salvatore J. Stolfo, Adaptive anomaly detection via self-calibration and dynamic updating, in: RAID, 2009, pp. 41-60.
36. Martin Rehák, Eugen Staab, Volker Fusenig, Michal Pechoucek, Martin Grill, Jan Stiborek, Karel Bartos, Thomas Engel, Runtime monitoring and dynamic reconfiguration for intrusion detection systems, in: RAID, 2009, pp. 61-80.
37. Murad A. Rassama, Anazida Zainala, and Mohd. Aizaini Maarofaand Adaptive and online data anomaly detection for wireless sensor systems Knowl.-Based Syst. 2014 (available online first)
38. Zhenwei Yu, Jeffrey J.P. Tsai, and Thomas J. Weigert An adaptive automatically tuning intrusion detection system ACM Trans. Auton. Adapt. Syst. 3 3 2008
39. Federico Maggi, William K. Robertson, Christopher Krügel, Giovanni Vigna, Protecting a moving target: addressing web application concept drift, in: RAID, 2009, pp. 21-40.
40. William K. Robertson, Federico Maggi, Christopher Kruegel, Giovanni Vigna, Effective anomaly detection with scarce training data, in: NDSS, 2010.
41. Wei Wang, Florent Masseglia, Thomas Guyet, Rene Quiniou, Marie-Odile Cordier, A general framework for adaptive and online detection of web attacks, in: WWW, 2009, pp. 1141-1142.
42. Xiangliang Zhang, Cyril Furtlehner, Cecile Germain-Renaud, and Michele Sebag Data stream clustering with affinity propagation IEEE Trans. Knowl. Data Eng. 2014 (online first)
43. Joao Gama Knowledge Discovery from Data Streams 2010 Chapman and Hall/CRC
44. Ed. Charu C. Aggarwal, and Chandan K. Reddy Data Clustering: Algorithms and Applications 2013 Chapman and Hall/CRC
45. Avraham Levy, and Michael Lindenbaum Sequential Karhunen-Loeve basis extraction and its application to images IEEE Trans. Image Process. 9 2000 1371 1374
46. Yihua Liao, V. Rao Vemuri, Using text categorization techniques for intrusion detection, in: USENIX Security Symposium, 2002, pp. 51-59.
47. Wei Wang, Xiangliang Zhang, and Sylvain Gombault Constructing attribute weights from computer audit data for effective intrusion detection J. Sys. Soft. 82 12 2009 1974 1981
48. Bernhard Schölkopf, John C. Platt, John Shawe-Taylor, Alex J. Smola, and Robert C. Williamson Estimating the support of a high-dimensional distribution Neural Comput. 13 7 2001 1443 1471
49. I.T. Jolliffe Principal Component Analysis 2nd ed. 2002 Springer-Verlag Berlin
50. R.O. Duda, P.E. Hart, and D.G. Stork Pattern Classification 2004 China Machine Press
51. William K. Robertson, Giovanni Vigna, Christopher Krügel, Richard A. Kemmerer, Using generalization and characterization techniques in the anomaly-based detection of web attacks, in: NDSS, 2006.
52. Chih-Chung Chang, and Chih-Jen Lin LIBSVM: a library for support vector machines ACM Trans. Intell. Syst. Technol. 2 2011 27:1 27:27 Software available at http://www.csie.ntu.edu.tw/∼cjlin/libsvm.
53. Xiangliang Zhang, Cyril Furtlehner, Julien Perez, Cécile Germain-Renaud, Michèle Sebag, Toward autonomic grids: analyzing the job flow with affinity streaming, in: KDD, 2009, pp. 987-996.
54. John McHugh Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory ACM Trans. Inf. Syst. Secur. 3 4 2000 262 294
55. Wei Wang, Xiangliang Zhang, Sylvain Gombault, Svein J. Knapskog, Attribute normalization in network intrusion detection, in: ISPAN, 2009, pp. 448-453.