Learning Rules and Clusters for Anomaly Detection in Network Traffic

  • Chan P
  • Mahoney M
  • Arshad M

Abstract

Much of the intrusion detection research focuses on signature (misuse) detection, where models are built to recognize known attacks. However, signature detection, by its nature, cannot detect novel attacks. Anomaly detection focuses on modeling the normal behavior and identifying significant deviations, which could be novel attacks. In this chapter we explore two machine learning methods that can construct anomaly detection models from past behavior. The first method is a rule learning algorithm that characterizes normal behavior in the absence of labeled attack data. The second method uses a clustering algorithm to identify outliers.

Chan, P. K., Mahoney, M. V., & Arshad, M. H. (2005). Learning Rules and Clusters for Anomaly Detection in Network Traffic. In Managing Cyber Threats (pp. 81–99). Springer-Verlag. https://doi.org/10.1007/0-387-24230-9_3
