A brief observation-centric analysis on anomaly-based intrusion detection

Zonghua Zhang; Hong Shen

doi:10.1007/978-3-540-31979-5_16

A brief observation-centric analysis on anomaly-based intrusion detection

Zonghua Zhang
, Hong Shen

Japan Advanced Institute of Science and Technology

研究成果: Conference article › 同行評審

2 引文斯高帕斯（Scopus）

摘要

This paper is focused on the analysis of the anomaly-based intrusion detectors' operational capabilities and drawbacks, from the perspective of their operating environments, instead of the schemes per se. Based on the similarity with the induction problem, anomaly detection is cast in a statistical framework for describing their general anticipated behaviors. Several key problems and corresponding potential solutions about the normality characterization for the observable subjects from hosts and networks are addressed respectively, together with the case studies of several representative detection models. Anomaly detectors' evaluation are also discussed briefly based on some existing achievements. Careful analysis shows that the fundamental understanding of the operating environments is the essential stage in the process of establishing an effective anomaly detection model, which therefore worth insightful exploration, especially when we face the dilemma between the detection performance and the computational cost.¹

原文	English
頁（從 - 到）	178-191
頁數	14
期刊	Lecture Notes in Computer Science
卷	3439
DOIs	https://doi.org/10.1007/978-3-540-31979-5_16
出版狀態	Published - 2005
對外發佈	是
事件	First International Conference on Information Security, Practice and Experience, ISPEC 2005 - , Singapore 持續時間: 11 4月 2005 → 14 4月 2005

存取文件

10.1007/978-3-540-31979-5_16

其它文件與鏈接

Link to publication in Scopus

引用此

@article{1ea58b5ed48c4b8995d15d59e207f1ad,

title = "A brief observation-centric analysis on anomaly-based intrusion detection",

abstract = "This paper is focused on the analysis of the anomaly-based intrusion detectors' operational capabilities and drawbacks, from the perspective of their operating environments, instead of the schemes per se. Based on the similarity with the induction problem, anomaly detection is cast in a statistical framework for describing their general anticipated behaviors. Several key problems and corresponding potential solutions about the normality characterization for the observable subjects from hosts and networks are addressed respectively, together with the case studies of several representative detection models. Anomaly detectors' evaluation are also discussed briefly based on some existing achievements. Careful analysis shows that the fundamental understanding of the operating environments is the essential stage in the process of establishing an effective anomaly detection model, which therefore worth insightful exploration, especially when we face the dilemma between the detection performance and the computational cost.1",

author = "Zonghua Zhang and Hong Shen",

year = "2005",

doi = "10.1007/978-3-540-31979-5\_16",

language = "English",

volume = "3439",

pages = "178--191",

journal = "Lecture Notes in Computer Science",

issn = "0302-9743",

publisher = "Springer Science and Business Media Deutschland GmbH",

note = "First International Conference on Information Security, Practice and Experience, ISPEC 2005 ; Conference date: 11-04-2005 Through 14-04-2005",

}

TY - JOUR

T1 - A brief observation-centric analysis on anomaly-based intrusion detection

AU - Zhang, Zonghua

AU - Shen, Hong

PY - 2005

Y1 - 2005

N2 - This paper is focused on the analysis of the anomaly-based intrusion detectors' operational capabilities and drawbacks, from the perspective of their operating environments, instead of the schemes per se. Based on the similarity with the induction problem, anomaly detection is cast in a statistical framework for describing their general anticipated behaviors. Several key problems and corresponding potential solutions about the normality characterization for the observable subjects from hosts and networks are addressed respectively, together with the case studies of several representative detection models. Anomaly detectors' evaluation are also discussed briefly based on some existing achievements. Careful analysis shows that the fundamental understanding of the operating environments is the essential stage in the process of establishing an effective anomaly detection model, which therefore worth insightful exploration, especially when we face the dilemma between the detection performance and the computational cost.1

AB - This paper is focused on the analysis of the anomaly-based intrusion detectors' operational capabilities and drawbacks, from the perspective of their operating environments, instead of the schemes per se. Based on the similarity with the induction problem, anomaly detection is cast in a statistical framework for describing their general anticipated behaviors. Several key problems and corresponding potential solutions about the normality characterization for the observable subjects from hosts and networks are addressed respectively, together with the case studies of several representative detection models. Anomaly detectors' evaluation are also discussed briefly based on some existing achievements. Careful analysis shows that the fundamental understanding of the operating environments is the essential stage in the process of establishing an effective anomaly detection model, which therefore worth insightful exploration, especially when we face the dilemma between the detection performance and the computational cost.1

UR - https://www.scopus.com/pages/publications/24644478688

U2 - 10.1007/978-3-540-31979-5_16

DO - 10.1007/978-3-540-31979-5_16

M3 - Conference article

AN - SCOPUS:24644478688

SN - 0302-9743

VL - 3439

SP - 178

EP - 191

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

T2 - First International Conference on Information Security, Practice and Experience, ISPEC 2005

Y2 - 11 April 2005 through 14 April 2005

ER -

A brief observation-centric analysis on anomaly-based intrusion detection

摘要

存取文件

其它文件與鏈接

指紋

引用此