A new, principled approach to anomaly detection

Erik M. Ferragut, Jason Laska, Robert A. Bridges

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

18 Scopus citations

Abstract

Intrusion detection is often described as having two main approaches: signature-based and anomaly-based. We argue that only unsupervised methods are suitable for detecting anomalies. However, there has been a tendency in the literature to conflate the notion of an anomaly with the notion of a malicious event. As a result, the methods used to discover anomalies have typically been ad hoc, making it nearly impossible to systematically compare between models or regulate the number of alerts. We propose a new, principled approach to anomaly detection that addresses the main shortcomings of ad hoc approaches. We provide both theoretical and cyber-specific examples to demonstrate the benefits of our more principled approach.

Original language: English
Title of host publication: Proceedings - 2012 11th International Conference on Machine Learning and Applications, ICMLA 2012
Pages: 210-215
Number of pages: 6
State: Published - 2012
Event: 11th IEEE International Conference on Machine Learning and Applications, ICMLA 2012 - Boca Raton, FL, United States
Duration: Dec 12 2012 to Dec 15 2012

Publication series

Name: Proceedings - 2012 11th International Conference on Machine Learning and Applications, ICMLA 2012
Volume: 2

Conference

Conference: 11th IEEE International Conference on Machine Learning and Applications, ICMLA 2012
Country/Territory: United States
City: Boca Raton, FL
Period: 12/12/12 to 12/15/12

Keywords

  • anomaly detection
  • cyber security
  • intrusion detection
  • probabilistic model
