Identifier: https://hdl.handle.net/2440/66401
Type: Journal article
Title: An observation-centric analysis on the modeling of anomaly-based intrusion detection
Author: Zhang, Z.
Shen, H.
Sang, Y.
Citation: International Journal of Network Security, 2007; 4(3):292-305
Publisher: Femto Technique
Issue Date: 2007
ISSN: 1816-353X; 1816-3548
Statement of Responsibility: Zonghua Zhang, Hong Shen, Yingpeng Sang
Abstract: It is generally agreed that two key points always attract special concern during the modelling of anomaly-based intrusion detection. One is the technique for discerning two classes with different features; the other is the construction/selection of the observed sample of normally occurring patterns used to characterize system normality. In this paper, instead of focusing on the design of specific anomaly detection models, we restrict our attention to the analysis of the anomaly detector's operating environments, which gives us insight into anomaly detectors' operational capabilities, including their detection coverage and blind spots, and thus allows us to evaluate them in a convincing manner. Taking the similarity with the induction problem as the starting point, we cast anomaly detection in a statistical framework, which gives a formal, high-level analysis of an anomaly detector's anticipated behavior. Some existing problems and possible solutions concerning the normality characterization of observable subjects from hosts and from networks are addressed respectively. As case studies, several typical anomaly detectors are analyzed and compared from the perspective of their operating environments, especially the factors causing their particular detection coverage or blind spots. Moreover, the evaluation of anomaly detectors is also briefly discussed based on some existing benchmarks. Careful analysis shows that a fundamental understanding of the operating environments (i.e., the properties of observable subjects) is the elementary but essential stage in the process of establishing an effective anomaly detection model, and is therefore worth insightful exploration, especially when we face the dilemma between anomaly detection performance and computational cost.
Keywords: Anomaly detection; computer security; information security; intrusion detection; misuse detection
Rights: © by IJNS. IJNS journal is an open access journal
Published version: http://ijns.jalaxy.com.tw/download_paper.jsp?PaperID=IJNS-2005-08-03-1&PaperName=ijns-v4-n3/ijns-2007-v4-n3-p292-305.pdf
Appears in Collections: Aurora harvest; Computer Science publications
