Anomaly detection is a domain that represents the key for the future of data mining. We will try to present some key anomaly detection methods applicable in the data mining process. Some methods are existing techniques such as the DBSCAN algorithm and some have just been presented to the public recently and could be the answer to future anomaly detection development. One example is the filtering-and-refinement...
Anomaly detection is considered an important data mining task, aiming at the discovery of elements (also known as outliers) that show significant diversion from the expected case. More specifically, given a set of objects the problem is to return the suspicious objects that deviate significantly from the typical behavior. As in the case of clustering, the application of different criteria leads to...
DBSCAN is one of the powerful density-based clustering algorithms for detecting outliers, but there are some difficulties in finding its parameters (epsilon and minpts). Currently, there is also no way to use DBSCAN with different parameters for different clusters when it is applied to anomaly detection when network traffic includes multiple traffic types with different characteristics. In this paper,...
Anomaly detection in data streams is the problem of extracting subsequences, which do not match an expected behavior. Its importance originates from its applicability in many fields such as system health monitoring, event detection in sensor networks, and detecting eco-system disturbances, etc. In detecting anomalous subsequences from data streams, the main challenge for the existing techniques is...
Fraud is increasing with the extensive use of internet and the increase of online transactions. More advanced solutions are desired to protect financial service companies and credit card holders from constantly evolving online fraud attacks. The main objective of this paper is to construct an efficient fraud detection system which is adaptive to the behavior changes by combining classification and...
IDS (Intrusion Detection system) is an active and driving defense technology. This paper mainly focuses on intrusion detection based on data mining. The aim is to improve the detection rate and decrease the false alarm rate, and the main research method is clustering analysis. The algorithm and model of ID are proposed and corresponding simulation experiments are presented. Firstly, a method to reduce...
System anomaly detection is very important for development, maintenance and performance refinement in large scale distributed systems. It's a good way to obtain the troubleshooting and problem diagnosis by analyzing system logs produced by distributed systems. However, due to the increasing scale and complexity of distributed systems, the size of logs must be very large. Thus, it's inefficient for...
This study was on the computer network layer and application layer data packet interception, analysis, analysis of network data flow filter, protocol decoding, multi-node collaborative detection, anomaly feature extraction, pattern discovery algorithms, intrusion detection model, network-level intrusion detection The algorithm and protocol analysis test method and so on, trying to find fast and efficient...
Detecting anomaly nodes from graphs is an important objective in many applications ranging from social networks to World Wide Web. Recently several methods have been proposed to address this problem. A limitation of most of these methods is that they are based on the random walk of the graph, and often fail to be effective. In this paper, we propose a new framework to detect anomaly nodes within a...
Unsupervised anomaly detection is an important topic of data mining research, especially with respect to non-numerical sequence data. However, the majority of previous algorithms features empirical parameter selection. The contribution of this study is twofold: First, we show how the Akaike Information Criterion can be used to set the parameter of the spectrum kernel. Second, a distance-based algorithm...
For solving the problem of less information getting about unknown intrusions in anomaly detection, a model based on hybrid SVM/SOM is proposed. Firstly, C-SVM is used to find out the anomalous connections, and then, a packet filtering scheme is used to remove the known intrusions, which is performed by one-class SVM, after that, the identified unknown intrusions are projected onto the output grid...
The traditional IDS cannot effectively manage the new continuously changing intrusion detection attacks. To deal with the problem, data mining based intrusion detection methods have been the hot fields in intrusion detection research. An outlier mining based adaptive intrusion detection framework is proposed in this paper. In the proposed framework, the outliers are firstly detected by similarity...
This paper addresses a major challenge in data mining applications where the full information about the underlying processes, such as sensor networks or large online database, cannot be practically obtained due to physical limitations such as low bandwidth or memory, storage, or computing power. Motivated by the recent theory on direct information sampling called compressed sensing (CS), we propose...
Anomaly detection is an important data mining task. Most existing methods treat anomalies as inconsistencies and spend the majority amount of time on modeling normal instances. A recently proposed, sampling-based approach may substantially boost the efficiency in anomaly detection but may also lead to weaker accuracy and robustness. In this study, we propose a two-stage approach to find anomalies...
An innovative knowledge-based methodology for terrorist detection by using Web traffic content as the audit information is presented. The proposed methodology learns the typical behavior ('profile') of terrorists by applying a data mining algorithm to the textual content of terror-related Web sites. The resulting profile is used by the system to perform real-time detection of users suspected of being...
The major weakness in modern detection methods in the snorts is that the power of snorts is restricted only to the network on which algorithms are applied. This paper presents a new method to solve issues considering locality. We place anomaly detection algorithms that are used in snorts in form of services within verified servers. The major advantage of this method is that the former snort strategies...
Today, large scale computer systems have become an important component in production and scientific computing and lead to rapid advances in many disciplines. However, the size, and complexity of systems make them very difficult to detect unusual nodes automatically and traditional host monitoring tools are not capable of dealing with the need of anomaly detection in large amount of nodes. In this...
Most anomaly detection methods can not be fit for the changing and complex network. High noise and updating normality profiles not in time will lead to high false alarm rate. In this paper, a new anomaly detection algorithm using improved hierarchy clustering, called ADIHC, is proposed in this paper. It applies an improved hierarchy clustering tree to organize clusters which are obtained by density-based...
Anomaly detection of executable program is a security detection solution that examines whether security violation issues exist in programs. The paper presents a novel anomaly detection approach for executable program security (ADEPS), which monitors program executions and detects anomalous program behaviors. Through reverse analysis of executable program, critical behavior monitoring points can be...
The popularity of P2P networks makes them an attractive target for hackers. Potential vulnerabilities in the software used in P2P networking represent a big threat for users and the whole community. To prevent and mitigate the risks, intrusion detection techniques have been traditionally applied. In this work in progress, a Markov based technique is applied to the detection of anomalies in the usage...