15,614 Hits in 4.4 sec

Statistical Evaluation of Anomaly Detectors for Sequences [article]

Erik Scharwächter, Emmanuel Müller
2020 arXiv   pre-print
In this work, we formalize a notion of precision and recall with temporal tolerance for point-based anomaly detection in sequential data.  ...  We perform a statistical simulation study to demonstrate that precision and recall may overestimate the performance of a detector, when computed with temporal tolerance.  ...  Precision and recall are two measures routinely used to evaluate the performance of anomaly detectors, both for iid data and for sequential data.  ... 
arXiv:2008.05788v1 fatcat:r3zbmawqkzhzxpsxxctpfet5hm

Detection and classification of intrusions and faults using sequences of system calls

João B. D. Cabrera, Lundy Lewis, Raman K. Mehra
2001 SIGMOD record  
To achieve Classification, in this paper we introduce the concept of Anomaly Dictionaries, which are the sets of anomalous sequences for each type of anomaly.  ...  The sequences in the Anomalous Dictionary enable a description of Self for the Anomalies, analogous to the definition of Self for Privileged Programs given by the Normal Dictionaries.  ...  In section 4 we formally evaluate the performance of the stide based detector using a variation of the well known leave-oneout procedure of Statistical Pattern Recognition (eg. [5] , p. 220).  ... 
doi:10.1145/604264.604269 fatcat:k25l3qdngbgopgbdxwr3ff36ke

An Observation-Centric Analysis on the Modeling of Anomaly-based Intrusion Detection

Zonghua Zhang, Hong Shen, Yingpeng Sang
2007 International Journal of Network Security  
Moreover, the evaluation of anomaly detectors are also roughly discussed based on some existing benchmarks.  ...  insight into anomaly detectors' operational capabilities, including their detection coverage and blind spots, and thus to evaluate them in convincing manners.  ...  Evaluation of the Anomaly Detectors Another hard stone in the anomaly detection research community is the anomaly detectors' evaluation.  ... 
dblp:journals/ijnsec/ZhangSS07 fatcat:yczzdvyyjrfblm5ktt57z535ae

On achieving good operating points on an ROC plane using stochastic anomaly score prediction

Muhammad Qasim Ali, Hassan Khan, Ali Sajjad, Syed Ali Khayam
2009 Proceedings of the 16th ACM conference on Computer and communications security - CCS '09  
We first perform statistical and information-theoretic analyses of network-and host-based IDSs' anomaly scores to reveal a consistent time correlation structure during benign activity periods.  ...  ROC curves have historically been used to evaluate the accuracy of Intrusion Detection Systems (IDSs).  ...  STATISTICAL ANALYSIS OF ANOMALY SCORES In this section, we evaluate statistical properties of an IDS' anomaly scores that can be used to automatically model and adapt its classification threshold.  ... 
doi:10.1145/1653662.1653700 dblp:conf/ccs/AliKSK09 fatcat:xp4akadkd5eftaqzhzd7e36rb4

Improve black-box sequential anomaly detector relevancy with limited user feedback [article]

Luyang Kong, Lifan Chen, Ming Chen, Parminder Bhatia, Laurent Callot
2020 arXiv   pre-print
Anomaly detectors are often designed to catch statistical anomalies. End-users typically do not have interest in all of the detected outliers, but only those relevant to their application.  ...  Given an existing black-box sequential anomaly detector, this paper proposes a method to improve its user relevancy using a small number of human feedback.  ...  Moreover, we thank Kristjan Arumae for providing valuable feedbacks.  ... 
arXiv:2009.07241v1 fatcat:tvpwff7xhbeona4nypan2wynh4

Simple, state-based approaches to program-based anomaly detection

C. C. Michael, Anup Ghosh
2002 ACM Transactions on Privacy and Security  
The performance of these algorithms is evaluated as a function of the amount of available training data, and they are compared to the well-known intrusion detection technique of looking for novel n-grams  ...  The algorithms detect anomalies in execution audit data. One is a simply constructed finite-state machine, and the other two monitor statistical deviations from normal program behavior.  ...  In this section, we evaluate the detectors with new test data. The new data consists of three weeks of additional data from Lincoln Labs; this data was not used for tuning or evaluation in Section 5.  ... 
doi:10.1145/545186.545187 fatcat:3f5sdr7ri5grhcucmgawdlp2ea

A Deep Learning Approach to Anomaly Sequence Detection for High-Resolution Monitoring of Power Systems [article]

Kursat Rasim Mestav, Xinyi Wang, Lang Tong
2021 arXiv   pre-print
By transforming the anomaly-free observations into uniform independent and identically distributed sequences via a generative adversarial network, the proposed approach deploys a uniformity test for anomaly  ...  Historical training samples are assumed for the anomaly-free model, while no training samples are available for the anomaly measurements.  ...  There is no standard data model that leads to well-defined statistical tests for anomaly-free data. We consider three types of anomalies.  ... 
arXiv:2012.05163v2 fatcat:k4rlbwllsfajjmey3pciu4yyfm

Frequency-based anomaly detection for the automotive CAN bus

Adrian Taylor, Nathalie Japkowicz, Sylvain Leblanc
2015 2015 World Congress on Industrial Control Systems Security (WCICSS)  
As part of a defence against these attacks, we evaluate an anomaly detector for the automotive controller area network (CAN) bus.  ...  We also show how a similar measure of the data contents of packets is not effective for identifying anomalies.  ...  Consequently we only evaluated results using the time test statistic for the flow detector. ROC curves for for the time statistic detector are shown in Fig. 1 for a range of test cases.  ... 
doi:10.1109/wcicss.2015.7420322 dblp:conf/wcicss/TaylorJL15 fatcat:45dwtabzvndj3co3kpygzkvpri

Combining Multiple Host-Based Detectors Using Decision Tree [chapter]

Sang-Jun Han, Sung-Bae Cho
2003 Lecture Notes in Computer Science  
Combining multiple detectors can be a good solution for this problem of conventional anomaly detectors.  ...  In the field of anomaly-based IDS several artificial intelligence techniques are used to model normal behavior.  ...  In this paper, to overcome drawbacks of the conventional anomaly detection techniques, we propose an anomaly-based detection technique that combines multiple detectors.  ... 
doi:10.1007/978-3-540-24581-0_18 fatcat:4gu56uvsdrba7bhx3lopaofn6m

Anomaly Detection for Symbolic Time Series Representations of Reduced Dimensionality

Konstantinos Bountrogiannis, George Tzagkarakis, Panagiotis Tsakalides
2020 Zenodo  
approximation for dimensionality reduction and a statistical hypothesis testing based on the Kullback-Leibler divergence.  ...  In this paper, we propose a computationally efficient, yet highly accurate, framework for anomaly detection of streaming data in lower-dimensional spaces, utilizing a modification of the symbolic aggregate  ...  Having generated the symbolic sequence of length M for the current window, the frequency distribution of the α alphabet symbols is calculated next for the M -sized sequence.  ... 
doi:10.5281/zenodo.4294535 fatcat:xgeuh4zx7fe5rnwpwjxjoyig24

Distinguishing Non-natural from Natural Adversarial Samples for More Robust Pre-trained Language Model [article]

Jiayi Wang, Rongzhou Bao, Zhuosheng Zhang, Hai Zhao
2022 arXiv   pre-print
We question the validity of current evaluation of robustness of PrLMs based on these non-natural adversarial samples and propose an anomaly detector to evaluate the robustness of PrLMs with more natural  ...  We also investigate two applications of the anomaly detector: (1) In data augmentation, we employ the anomaly detector to force generating augmented data that are distinguished as non-natural, which brings  ...  For each original sequence, we continuously generate augmented sequences until the anomaly detector distinguishes one as anomaly.  ... 
arXiv:2203.11199v1 fatcat:565gjmk26jdsxlotmh3ouqhzza

Revisit network anomaly ranking in datacenter network using re-ranking

Shaohan Huango, Carol Fung, Kui Wang, Yaqi Yang, Zhongzhi Luan, Depei Qian
2015 2015 IEEE 4th International Conference on Cloud Networking (CloudNet)  
In this situation, system monitoring and intrusion detection become essential to control the risks of such networks.  ...  With the continuous growth of modern datacenter networks in recent years, network intrusions targeting those datacenters have also been growing rapidly.  ...  We use the output of the unsupervised detector, which is a sequence of sorted data points and real sequence result as input for the regression model.  ... 
doi:10.1109/cloudnet.2015.7335302 dblp:conf/cloudnet/HuangoFWYLQ15 fatcat:hupubrzqrnbpxf5csxmmh6rhyi

Recurrent Neural Radio Anomaly Detection [article]

Timothy J O'Shea, T. Charles Clancy, Robert W. McGwier
2016 arXiv   pre-print
We introduce a powerful recurrent neural network based method for novelty detection to the application of detecting radio anomalies.  ...  This approach holds promise in significantly increasing the ability of naive anomaly detection to detect small anomalies in highly complex complexity multi-user radio bands.  ...  LSTM Anomaly Detector on LTE Band Fig. 10.  ... 
arXiv:1611.00301v1 fatcat:7vyp4uzhrjgpdn3vmizgzhzo7q

Multi-Level Anomaly Detection on Time-Varying Graph Data [article]

Robert A. Bridges, John Collins, Erik M. Ferragut, Jason Laska, Blair D. Sullivan
2015 arXiv   pre-print
For evaluation, two hierarchical anomaly detectors are tested against a baseline Gaussian method on a series of sampled graphs.  ...  This work presents a novel modeling and analysis framework for graph sequences which addresses the challenge of detecting and contextualizing anomalies in labelled, streaming graph data.  ...  For evaluation, two hierarchical anomaly detectors are tested against a baseline Gaussian method on a series of sampled graphs.  ... 
arXiv:1410.4355v4 fatcat:3ugeheehfbaavd2pjmgjddhilm

Testing Detector Parameterization Using Evolutionary Exploit Generation [chapter]

Hilmi G. Kayacık, A. Nur Zincir-Heywood, Malcolm I. Heywood, Stefan Burschka
2009 Lecture Notes in Computer Science  
The testing of anomaly detectors is considered from the perspective of a Multi-objective Evolutionary Exploit Generator (EEG).  ...  In this work we focus on the parameterization of the second generation anomaly detector 'pH' and demonstrate how use of an EEG may identify weak parameterization of the detector.  ...  Acknowledgements The authors gratefully acknowledge the support of SwissCom Innovations, MI-TACS, CFI and NSERC grant programs.  ... 
doi:10.1007/978-3-642-01129-0_13 fatcat:a7zf7y3uafd57ksfr63vcxdmia
« Previous Showing results 1 — 15 out of 15,614 results