Autonomic Intrusion Detection System

Abstract. We propose a novel framework of autonomic intrusion detection that fulfills online and adaptive intrusion detection in unlabeled audit data streams. The framework has the ability of self-managing: self-labeling, self-updating and self-adapting. Affinity Propagation (AP) uses the framework to learn a subject’s behavior through dynamical clustering of the streaming data. The testing results with a large real HTTP log stream demonstrate the effectiveness and efficiency of the method.

1 Problem statement, motivation and solution

Anomaly Intrusion Detection Systems (IDS) are important in the current network security framework. Because the data involved in current network environments evolves continuously, and because the normal behavior of a subject may change over time, a static anomaly IDS is often ineffective. The detection models should be frequently updated by incorporating new incoming normal examples and be adapted to behavioral changes. To achieve this goal, there are at...
Wei Wang 0012, Thomas Guyet, Svein J. Knapskog
Added 27 May 2010
Updated 27 May 2010
Type Conference
Year 2009
Where RAID
Authors Wei Wang 0012, Thomas Guyet, Svein J. Knapskog