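@comment{
  Conference paper on unsupervised anomaly detection for intrusion detection.
  The citation key is kept exactly as exported so existing citations still resolve.
  All authors use the "Last, First" form; the export mixed it with "First Last".
  The exported "series" field was a verbatim copy of "booktitle" and is dropped,
  because styles that print both fields would show the proceedings title twice.
  The conference dates stay in "note" as exported (day-month-year order).
}
@inproceedings{ed94a7325512446ba6204c54c6120f62,
  author    = {Ferragut, Erik M. and Laska, Jason and Bridges, Robert A.},
  title     = {A new, principled approach to anomaly detection},
  booktitle = {Proceedings - 2012 11th International Conference on Machine Learning and Applications, {ICMLA} 2012},
  pages     = {210--215},
  year      = {2012},
  doi       = {10.1109/ICMLA.2012.151},
  isbn      = {9780769549132},
  language  = {English},
  keywords  = {anomaly detection, cyber security, intrusion detection, probabilistic model},
  abstract  = {Intrusion detection is often described as having two main approaches: signature-based and anomaly-based. We argue that only unsupervised methods are suitable for detecting anomalies. However, there has been a tendency in the literature to conflate the notion of an anomaly with the notion of a malicious event. As a result, the methods used to discover anomalies have typically been ad hoc, making it nearly impossible to systematically compare between models or regulate the number of alerts. We propose a new, principled approach to anomaly detection that addresses the main shortcomings of ad hoc approaches. We provide both theoretical and cyber-specific examples to demonstrate the benefits of our more principled approach.},
  note      = {11th IEEE International Conference on Machine Learning and Applications, ICMLA 2012 ; Conference date: 12-12-2012 Through 15-12-2012},
}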