Results 1 - 10 of 385
Anomaly Detection: A Survey, 2007
Cited by 540 (5 self)
Anomaly detection is an important problem that has been researched within diverse research areas and application domains. Many anomaly detection techniques have been specifically developed for certain application domains, while others are more generic. This survey tries to provide a structured and comprehensive overview of the research on anomaly detection. We have grouped existing techniques into different categories based on the underlying approach adopted by each technique. For each category we have identified key assumptions, which are used by the techniques to differentiate between normal and anomalous behavior. When applying a given technique to a particular domain, these assumptions can be used as guidelines to assess the effectiveness of the technique in that domain. For each category, we provide a basic anomaly detection technique, and then show how the different existing techniques in that category are variants of the basic technique. This template provides an easier and succinct understanding of the techniques belonging to each category. Further, for each category, we identify the advantages and disadvantages of the techniques in that category. We also provide a discussion on the computational complexity of the techniques since it is an important issue in real application domains. We hope that this survey will provide a better understanding of the different directions in which research has been done on this topic, and how techniques developed in one area can be applied in domains for which they were not intended to begin with.
Computer Immunology - Communications of the ACM, 1996
Cited by 226 (8 self)
Natural immune systems protect animals from dangerous foreign pathogens, including bacteria, viruses, parasites, and toxins. Their role in the body is analogous to that of computer security systems in computing. Although there are many differences between living organisms and computer systems, this article argues that the similarities are compelling and could point the way to improved computer security. Improvements can be achieved by designing computer immune systems that have some of the important properties illustrated by natural immune systems. These include multi-layered protection, highly distributed detection and memory systems, diversity of detection ability across individuals, inexact matching strategies, and sensitivity to most new foreign patterns. We first give an overview of how the immune system relates to computer security. We then illustrate these ideas with two examples.
Novelty Detection: A Review - Part 1: Statistical Approaches - Signal Processing, 2003
Cited by 204 (0 self)
Novelty detection is the identification of new or unknown data or signal that a machine learning system is not aware of during training. Novelty detection is one of the fundamental requirements of a good classification or identification system since sometimes the test data contains information about objects that were not known at the time of training the model. In this paper we provide state-of-the-art review in the area of novelty detection based on statistical approaches. The second part paper details novelty detection using neural networks. As discussed, there are a multitude of applications where novelty detection is extremely important including signal processing, computer vision, pattern recognition, data mining, and robotics.
Architecture for an Artificial Immune System, 2000
Cited by 173 (10 self)
An artificial immune system (ARTIS) is described which incorporates many properties of natural immune systems, including diversity, distributed computation, error tolerance, dynamic learning and adaptation and self-monitoring. ARTIS is a general framework for a distributed adaptive system and could, in principle, be applied to many domains. In this paper, ARTIS is applied to computer security, in the form of a network intrusion detection system called LISYS. LISYS is described and shown to be effective at detecting intrusions, while maintaining low false positive rates. Finally, similarities and differences between ARTIS and Holland's classifier systems are discussed. 1 INTRODUCTION The biological immune system (IS) is highly complicated and appears to be precisely tuned to the problem of detecting and eliminating infections. We believe that the IS provides a compelling example of a massively-parallel adaptive information-processing system, one which we can study for the purpose o...
Hardening COTS Software with Generic Software Wrappers - IN PROCEEDINGS OF THE IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 1999
Cited by 156 (3 self)
Numerous techniques exist to augment the security functionality of Commercial Off-The-Shelf (COTS) applications and operating systems, making them more suitable for use in mission-critical systems. Although individually useful, as a group these techniques present difficulties to system developers because they are not based on a common framework which might simplify integration and promote portability and reuse. This paper presents techniques for developing Generic Software Wrappers -- protected, non-bypassable kernel-resident software extensions for augmenting security without modification of COTS source. We describe the key elements of our work: our high-level Wrapper Definition Language (WDL), and our framework for configuring, activating, and managing wrappers. We also discuss code reuse, automatic management of extensions, a framework for system-building through composition, platform-independence, and our experiences with our Solaris and FreeBSD prototypes.
An Immunological Approach to Change Detection: Algorithms, Analysis and Implications - IEEE Symposium on Security and Privacy, 1996
Cited by 146 (21 self)
We present new results on a distributable change-detection method inspired by the natural immune system. A weakness in the original algorithm was the exponential cost of generating detectors. Two detector-generating algorithms are introduced which run in linear time. The algorithms are analyzed, heuristics are given for setting parameters based on the analysis, and the presence of holes in detector space is examined. The analysis provides a basis for assessing the practicality of the algorithms in specific settings, and some of the implications are discussed.
An introduction to collective intelligence - Handbook of Agent technology. AAAI, 1999
Copilot - a coprocessor-based kernel runtime integrity monitor - In Proceedings of the 13th USENIX Security Symposium, 2004
Cited by 133 (5 self)
Copilot is a coprocessor-based kernel integrity monitor for commodity systems. Copilot is designed to detect malicious modifications to a host’s kernel and has correctly detected the presence of 12 real-world rootkits, each within 30 seconds of their installation with less than a 1% penalty to the host’s performance. Copilot requires no modifications to the protected host’s software and can be expected to operate correctly even when the host kernel is thoroughly compromised – an advantage over traditional monitors designed to run on the host itself.
A biologically inspired immune system for computers - IN PROC. OF THE FOURTH INTERNATIONAL WORKSHOP ON SYNTHESIS AND SIMULATION OF LIVING SYSTEMS, ARTIFICIAL LIFE IV, 1994
Cited by 133 (0 self)
Computer viruses are the first and only form of artificial life to have had a measurable impact on society. Currently, they are a relatively manageable nuisance. However, two alarming trends are likely to make computer viruses a much greater threat. First, the rate at which new viruses are being written is high, and accelerating. Second, the trend towards increasing interconnectivity and interoperability among computers will enable computer viruses and worms to spread much more rapidly than they do today. To address these problems, we have designed an immune system for computers and computer networks that takes much of its inspiration from nature. Like the vertebrate immune system, our system develops antibodies to previously unencountered computer viruses or worms and remembers them so as to recognize and respond to them more quickly in the future. We are careful to minimize the risk of an auto-immune response, in which the immune system mistakenly identifies legitimate software as being undesirable. We also employ nature's technique of fighting self-replication with self-replication, which our theoretical studies have shown to be highly effective. Many components of the proposed immune system are already being used to automate computer virus analysis in our laboratory, and we anticipate that this technology will gradually be incorporated into IBM's commercial anti-virus product during the next year or two.
Novelty Detection in Time Series Data using Ideas from Immunology - In Proceedings of The International Conference on Intelligent Systems, 1995
Cited by 133 (20 self)
Detecting anomalies in time series data is a problem of great practical interest in many manufacturing and signal processing applications. This paper presents a novelty detection algorithm inspired by the negative-selection mechanism of the immune system, which discriminates between self and other. Here self is defined to be normal data patterns and non-self is any deviation exceeding an allowable variation. An example application, simulated cutting dynamics in a milling operation, is presented, and the performance of the algorithm in detecting the tool breakage is reported. 1 INTRODUCTION The normal behavior of a system is often characterized by a series of observations over time. The problem of detecting novelties or anomalies can be viewed as finding non permitted deviations of a characteristic property in the system of interest. The detection of novelty is an important task in many diagnostic and monitoring systems. In safety-critical applications, it is essential to detect the o...