Reducing False Positives of Network Anomaly Detection by Local Adaptive Multivariate Smoothing
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F17%3A00306972" target="_blank" >RIV/68407700:21230/17:00306972 - isvavai.cz</a>
Result on the web
<a href="http://www.sciencedirect.com/science/article/pii/S0022000016300022" target="_blank" >http://www.sciencedirect.com/science/article/pii/S0022000016300022</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1016/j.jcss.2016.03.007" target="_blank" >10.1016/j.jcss.2016.03.007</a>
Alternative languages
Result language
English
Original language name
Reducing False Positives of Network Anomaly Detection by Local Adaptive Multivariate Smoothing
Original language description
Network intrusion detection systems based on the anomaly detection paradigm have a high false alarm rate, making them difficult to use. To address this weakness, we propose to smooth the outputs of anomaly detectors by online Local Adaptive Multivariate Smoothing (LAMS). LAMS can reduce a large portion of the false positives introduced by anomaly detection by replacing the anomaly detector's output on a network event with an aggregate of its output on all similar network events observed previously. The arguments are supported by an extensive experimental evaluation involving several anomaly detectors in two domains: NetFlow and proxy logs. Finally, we show how the proposed solution can be efficiently implemented to process large streams of non-stationary data.
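The mechanism the abstract describes, replacing a detector's score on an event with an aggregate of its scores on similar earlier events, is easiest to see on a small stream. The following is an added illustration written for this record, not code from the paper or its authors: the Gaussian kernel, the fixed bandwidth, the weight-1 contribution of the current event, the FIFO history bound, and the toy detector scores and feature vectors are all assumptions made here to show the idea, not details of LAMS itself.

```python
"""Online local smoothing of anomaly scores: toy illustration.

Added example; not the paper's implementation. Each event is a feature
vector plus the raw score an anomaly detector gave it. The smoother returns
the kernel-weighted mean of the raw scores of previously seen events that
lie near the new event in feature space. Kernel, bandwidth and the bounded
history are assumptions of this illustration.
"""
from collections import deque
import math


class OnlineLocalSmoother:
    def __init__(self, bandwidth=1.0, max_history=10000):
        self.h = bandwidth
        # Bounded FIFO history is one simple way to keep memory fixed on a
        # non-stationary stream; it is an assumption, not the paper's scheme.
        self.history = deque(maxlen=max_history)  # (features, raw_score)

    def _kernel(self, x, y):
        # Gaussian similarity in feature space (assumed kernel).
        d2 = sum((a - b) ** 2 for a, b in zip(x, y))
        return math.exp(-d2 / (2.0 * self.h ** 2))

    def smooth(self, x, raw_score):
        # The current event contributes with weight 1, so an event with no
        # similar predecessors keeps its raw score instead of dividing by 0.
        num, den = raw_score, 1.0
        for fx, fs in self.history:
            w = self._kernel(x, fx)
            num += w * fs
            den += w
        self.history.append((x, raw_score))
        return num / den


def constructed_stream():
    """Constructed toy stream of (features, raw_score) events."""
    events = []
    for i in range(20):
        feat = (1.0 + 0.05 * (i % 3), 1.0)   # one tight cluster of benign events
        score = 0.9 if i == 10 else 0.1      # detector spikes once: a false positive
        events.append((feat, score))
    events.append(((8.0, 8.0), 0.95))        # genuinely unusual event, far from the cluster
    return events


def run(threshold=0.5, bandwidth=0.5):
    """Count alarms before and after smoothing on the constructed stream."""
    sm = OnlineLocalSmoother(bandwidth=bandwidth)
    raw_alarms = smoothed_alarms = 0
    smoothed_spike = None
    for i, (feat, raw) in enumerate(constructed_stream()):
        s = sm.smooth(feat, raw)
        raw_alarms += int(raw > threshold)
        smoothed_alarms += int(s > threshold)
        if i == 10:
            smoothed_spike = s   # the isolated spike, after smoothing
    return {"raw_alarms": raw_alarms,
            "smoothed_alarms": smoothed_alarms,
            "smoothed_spike": smoothed_spike}


if __name__ == "__main__":
    print(run())
```

The spike on event 10 is pulled down to roughly the cluster's typical score because ten near-identical events with low scores precede it, while the far-away event keeps its raw score since nothing in the history is similar to it. The same property is the caveat a practitioner should keep in mind: a genuinely malicious event whose features land inside a dense benign neighbourhood is smoothed away just as readily, so the similarity measure and bandwidth decide the trade-off between suppressed false positives and missed detections.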
Czech name
—
Czech description
—
Classification
Type
J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
—
Continuities
I - Institutional support for the long-term conceptual development of a research organization
Others
Publication year
2017
Confidentiality
S - Complete and truthful data on the project are not subject to protection under special legal regulations
Data specific for result type
Name of the periodical
Journal of Computer and System Sciences
ISSN
0022-0000
e-ISSN
1090-2724
Volume of the periodical
83
Issue of the periodical within the volume
1
Country of publishing house
NL - THE KINGDOM OF THE NETHERLANDS
Number of pages
15
Pages from-to
43-57
UT code for WoS article
000384038500004
EID of the result in the Scopus database
2-s2.0-84962684610