Much of the intrusion detection research focuses on signature (misuse) detection, where models are built to recognize known attacks. However, signature detection, by its nature, cannot detect novel attacks. Anomaly detection focuses on modeling the normal behavior and identifying significant deviations, which could be novel attacks. In this chapter we explore two machine learning methods that can construct anomaly detection models from past behavior. The first method is a rule learning algorithm that characterizes normal behavior in the absence of labeled attack data. The second method uses a clustering algorithm to identify outliers.
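To make the two approaches concrete, here is an added Python illustration. It is not the paper's own code and does not reproduce its published algorithms; it only sketches the ideas the abstract names. Both detectors are trained on constructed, attack-free connection records (not real captures) and then score constructed test records. The n/r weighting of a violated rule, the single-pass fixed-width (leader) clustering, the min-max scaling and the 0.3 cluster width are this example's assumptions.

```python
"""Two toy anomaly detectors trained only on attack-free traffic.

Added illustration of the ideas in the abstract; this is NOT the paper's own
code.  The n/r rule weight, the fixed-width leader clustering, the scaling
and the numeric width are this example's assumptions.
"""
from collections import defaultdict
from math import sqrt

# Constructed attack-free "training" connection records (not real captures).
NORMAL = [
    {"proto": "tcp", "dport": 80,  "flags": "SF", "bytes": 1200},
    {"proto": "tcp", "dport": 443, "flags": "SF", "bytes": 3400},
    {"proto": "tcp", "dport": 80,  "flags": "SF", "bytes": 900},
    {"proto": "tcp", "dport": 22,  "flags": "SF", "bytes": 5100},
    {"proto": "udp", "dport": 53,  "flags": "-",  "bytes": 120},
    {"proto": "udp", "dport": 53,  "flags": "-",  "bytes": 95},
    {"proto": "tcp", "dport": 443, "flags": "SF", "bytes": 2800},
    {"proto": "udp", "dport": 123, "flags": "-",  "bytes": 76},
]
# Constructed test records: two resemble training data, two deviate from it.
TEST = [
    {"proto": "tcp", "dport": 80,   "flags": "SF", "bytes": 1100},
    {"proto": "udp", "dport": 53,   "flags": "-",  "bytes": 110},
    {"proto": "tcp", "dport": 4444, "flags": "S0", "bytes": 0},      # unseen port and flags
    {"proto": "udp", "dport": 53,   "flags": "-",  "bytes": 60000},  # familiar port, huge payload
]

CATEGORICAL = ["proto", "dport", "flags"]   # attributes the rule learner models
NUMERIC = ["dport", "bytes"]                # features the clustering uses
WIDTH = 0.3                                 # cluster radius in scaled feature space (assumed)

# ---- Method 1: rules "if a=v then c in S" learned without attack labels ----

def learn_rules(records, attrs=CATEGORICAL):
    """Return {(a, v, c): (n, allowed)}: n = training records with a=v,
    allowed = set of c values seen alongside a=v.  Nothing is labelled;
    the rules simply record what normal traffic looked like."""
    rules = {}
    for a in attrs:
        for c in attrs:
            if a == c:
                continue
            allowed, counts = defaultdict(set), defaultdict(int)
            for rec in records:
                allowed[rec[a]].add(rec[c])
                counts[rec[a]] += 1
            for v in allowed:
                rules[(a, v, c)] = (counts[v], allowed[v])
    return rules

def rule_score(rec, rules):
    """Sum n/r over rules whose antecedent matches but whose consequent is
    violated (r = number of allowed values).  A rule seen often with few
    distinct outcomes weighs most; 0.0 means every applicable rule held.
    Note a never-seen antecedent value (dport=4444) fires no rule of its own;
    it is caught only through rules on the attributes that predict it."""
    return sum(n / len(allowed)
               for (a, v, c), (n, allowed) in rules.items()
               if rec.get(a) == v and rec.get(c) not in allowed)

# ---- Method 2: fixed-width clusters over numeric features, outliers by distance ----

def _scale(rec, lo, hi):
    # Min-max scale with the training ranges so 'bytes' cannot swamp 'dport'.
    return [(rec[f] - lo[f]) / ((hi[f] - lo[f]) or 1) for f in NUMERIC]

def _dist(p, q):
    return sqrt(sum((x - y) ** 2 for x, y in zip(p, q)))

def fixed_width_clusters(records, width=WIDTH):
    """Leader clustering: a record joins the first centroid within `width`,
    otherwise it founds a new cluster.  Single pass, but order-dependent."""
    lo = {f: min(r[f] for r in records) for f in NUMERIC}
    hi = {f: max(r[f] for r in records) for f in NUMERIC}
    centroids, sizes = [], []
    for rec in records:
        p = _scale(rec, lo, hi)
        for i, c in enumerate(centroids):
            if _dist(p, c) <= width:
                sizes[i] += 1
                break
        else:
            centroids.append(p)
            sizes.append(1)
    return {"lo": lo, "hi": hi, "centroids": centroids, "sizes": sizes}

def cluster_score(rec, model, width=WIDTH):
    """How far the record lies outside every training cluster (0.0 = inside one)."""
    p = _scale(rec, model["lo"], model["hi"])
    return max(0.0, min(_dist(p, c) for c in model["centroids"]) - width)

def detect(train, test, width=WIDTH):
    """Train both models on attack-free records and score each test record."""
    rules, model = learn_rules(train), fixed_width_clusters(train, width)
    out = []
    for rec in test:
        rs, cs = rule_score(rec, rules), cluster_score(rec, model, width)
        out.append({"rec": rec, "rule": rs, "cluster": cs, "flagged": rs > 0 or cs > 0})
    return out

if __name__ == "__main__":
    for r in detect(NORMAL, TEST):
        print(f"{r['rec']}  rule={r['rule']:.2f}  cluster={r['cluster']:.2f}  "
              f"{'ANOMALY' if r['flagged'] else 'normal'}")
```

The two records that resemble training traffic score 0 under both detectors. The connection to an unseen port with unseen flags violates the rules learned for proto=tcp and is flagged by the rule model; the oversized DNS-port record satisfies every categorical rule and is caught only by the clustering, because its byte count puts it far outside every training cluster. That complementarity is the practical reason to model normal behaviour with more than one method.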
Chan, P. K., Mahoney, M. V., & Arshad, M. H. (2005). Learning Rules and Clusters for Anomaly Detection in Network Traffic. In Managing Cyber Threats (pp. 81–99). Springer-Verlag. https://doi.org/10.1007/0-387-24230-9_3