Learning combination of anomaly detectors for security domain

This paper presents a novel technique of finding a convex combination of outputs of anomaly detectors maximizing the accuracy in τ-quantile of most anomalous samples. Such an approach better reflects the needs in the security domain in which subsequent analysis of alarms is costly and can be done only on a small number of alarms. An extensive experimental evaluation and comparison to prior art on real network data using sets of anomaly detectors of two existing intrusion detection systems shows that the proposed method not only outperforms prior art, it is also more robust to noise in training data labels, which is another important feature for deployment in practice.

Bibliographic Details
Published in: Computer networks (Amsterdam, Netherlands : 1999), 2016-10, Vol.107, p.55-63
Main Authors: Grill, Martin; Pevný, Tomáš
Format: Article
Language: English
DOI: 10.1016/j.comnet.2016.05.021
ISSN: 1389-1286
EISSN: 1872-7069
Publisher: Elsevier B.V (Amsterdam)
Publication date: 2016-10-09
Pages: 55-63 (9 pages)
Subjects: Accuracy at top; Alarms; Anomalies; Anomaly detection; Comparative analysis; Computer information security; Convex analysis; Cost analysis; Cybersecurity; Detectors; Ensemble systems; Intrusion; Intrusion detection systems; Learning; Network security; Networks; Noise; Positive unlabeled data; Security; Sensors; Studies
Indexed in: Library & Information Science Abstracts (LISA); ScienceDirect Journals
Rights: 2016 Elsevier B.V.; Copyright Elsevier Sequoia S.A., Oct 9, 2016