Reducing False Positives of Network Anomaly Detection by Local Adaptive Multivariate Smoothing

The result's identifiers

  • Result code in IS VaVaI

    RIV/68407700:21230/17:00306972 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F17%3A00306972)

  • Result on the web

    http://www.sciencedirect.com/science/article/pii/S0022000016300022

  • DOI - Digital Object Identifier

    10.1016/j.jcss.2016.03.007 (http://dx.doi.org/10.1016/j.jcss.2016.03.007)

Alternative languages

  • Result language

    English

  • Original language name

    Reducing False Positives of Network Anomaly Detection by Local Adaptive Multivariate Smoothing

  • Original language description

    Network intrusion detection systems based on the anomaly detection paradigm have a high false alarm rate, making them difficult to use. To address this weakness, we propose to smooth the outputs of anomaly detectors by online Local Adaptive Multivariate Smoothing (LAMS). LAMS can reduce a large portion of false positives introduced by the anomaly detection by replacing the anomaly detector's output on a network event with an aggregate of its output on all similar network events observed previously. The arguments are supported by extensive experimental evaluation involving several anomaly detectors in two domains: NetFlow and proxy logs. Finally, we show how the proposed solution can be efficiently implemented to process large streams of non-stationary data.

  • Czech name

  • Czech description

Classification

  • Type

    Jimp - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

  • Continuities

    I - Institutional support for the long-term conceptual development of a research organization

Others

  • Publication year

    2017

  • Confidentiality

    S - Complete and true data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Name of the periodical

    Journal of Computer and System Sciences

  • ISSN

    0022-0000

  • e-ISSN

    1090-2724

  • Volume of the periodical

    83

  • Issue of the periodical within the volume

    1

  • Country of publishing house

    NL - THE KINGDOM OF THE NETHERLANDS

  • Number of pages

    15

  • Pages from-to

    43-57

  • UT code for WoS article

    000384038500004

  • EID of the result in the Scopus database

    2-s2.0-84962684610