TY - JOUR
T1 - Autonomic intrusion detection: Adaptively detecting anomalies over unlabeled audit data streams in computer networks
AU - Wang, Wei
AU - Guyet, Thomas
AU - Quiniou, René
AU - Cordier, Marie-Odile
AU - Masseglia, Florent
AU - Zhang, Xiangliang
N1 - KAUST Repository Item: Exported on 2020-10-01
PY - 2014/6/22
Y1 - 2014/6/22
AB - In this work, we propose a novel framework of autonomic intrusion detection that performs online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-management: self-labeling, self-updating and self-adapting. Our framework employs the Affinity Propagation (AP) algorithm to learn a subject's behaviors through dynamic clustering of the streaming data. It automatically labels the data and adapts to changes in normal behavior while identifying anomalies. Two large real HTTP traffic streams collected in our institute, as well as a set of benchmark KDD'99 data, are used to validate the framework and the method. The test results show that the autonomic model achieves better results in terms of effectiveness and efficiency compared to the adaptive Sequential Karhunen–Loeve method and static AP, as well as three other static anomaly detection methods, namely k-NN, PCA and SVM.
UR - http://hdl.handle.net/10754/556654
UR - http://linkinghub.elsevier.com/retrieve/pii/S0950705114002391
UR - http://www.scopus.com/inward/record.url?scp=84908477169&partnerID=8YFLogxK
U2 - 10.1016/j.knosys.2014.06.018
DO - 10.1016/j.knosys.2014.06.018
M3 - Article
SN - 0950-7051
VL - 70
SP - 103
EP - 117
JO - Knowledge-Based Systems
JF - Knowledge-Based Systems
ER -