2000 BenchmarkingAnomalyBasedDetecti

From GM-RKB

Subject Headings: Anomaly Detection Task.

Notes

Cited By

Quotes

Abstract

Anomaly detection is a key element of intrusion-detection and other detection systems in which perturbations of normal behavior suggest the presence of intentionally or unintentionally induced attacks, faults, defects, etc. Because most anomaly detectors are based on probabilistic algorithms that exploit the intrinsic structure, or regularity, embedded in data logs, a fundamental question is whether such structure influences detection performance. If detector performance were indeed a function of environmental regularity, it would be critical to match detectors to environmental characteristics. In intrusion-detection settings, however, this is not done, possibly because such characteristics are not easily ascertained. This paper introduces a metric for characterizing structure in data environments, and tests the hypothesis that intrinsic structure influences probabilistic detection. In a series of experiments, an anomaly-detection algorithm was applied to a benchmark suite of 165 carefully calibrated, anomaly-injected datasets of varying structure. Results showed performance differences of as much as an order of magnitude, indicating that current approaches to anomaly detection may not be universally dependable.

References


2000 BenchmarkingAnomalyBasedDetecti
Author: Roy A. Maxion, Kymie M. C. Tan
Title: Benchmarking Anomaly-Based Detection Systems
Year: 2000