Entry Ali:2013:AAD from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!


BibTeX entry

@Article{Ali:2013:AAD,
  author =       "Muhammad Qasim Ali and Ehab Al-Shaer and Hassan Khan
                 and Syed Ali Khayam",
  title =        "Automated Anomaly Detector Adaptation using Adaptive
                 Threshold Tuning",
  journal =      j-TISSEC,
  volume =       "15",
  number =       "4",
  pages =        "17:1--17:??",
  month =        apr,
  year =         "2013",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/2445566.2445569",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Thu Apr 4 18:18:20 MDT 2013",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "Real-time network- and host-based Anomaly Detection
                 Systems (ADSs) transform a continuous stream of input
                 data into meaningful and quantifiable anomaly scores.
                 These scores are subsequently compared to a fixed
                 detection threshold and classified as either benign or
                 malicious. We argue that a real-time ADS' input changes
                 considerably over time and a fixed threshold value
                 cannot guarantee good anomaly detection accuracy for
                 such a time-varying input. In this article, we propose
                 a simple and generic technique to adaptively tune the
                 detection threshold of any ADS that works on threshold
                 method. To this end, we first perform statistical and
                 information-theoretic analysis of network- and
                 host-based ADSs' anomaly scores to reveal a consistent
                 time correlation structure during benign activity
                 periods. We model the observed correlation structure
                 using Markov chains, which are in turn used in a
                 stochastic target tracking framework to adapt an ADS'
                 detection threshold in accordance with real-time
                 measurements. We also use statistical techniques to
                 make the proposed algorithm resilient to sporadic
                 changes and evasion attacks. In order to evaluate the
                 proposed approach, we incorporate the proposed adaptive
                 thresholding module into multiple ADSs and evaluate
                 those ADSs over comprehensive and independently
                 collected network and host attack datasets. We show
                 that, while reducing the need of human threshold
                 configuration, the proposed technique provides
                 considerable and consistent accuracy improvements for
                 all evaluated ADSs.",
  acknowledgement = ack-nhfb,
  articleno =    "17",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
}

Related entries