Abstract | ||
---|---|---|
This paper presents a novel technique of finding a convex combination of outputs of anomaly detectors maximizing the accuracy in ź-quantile of most anomalous samples. Such an approach better reflects the needs in the security domain in which subsequent analysis of alarms is costly and can be done only on a small number of alarms. An extensive experimental evaluation and comparison to prior art on real network data using sets of anomaly detectors of two existing intrusion detection systems shows that the proposed method not only outperforms prior art, it is also more robust to noise in training data labels, which is another important feature for deployment in practice. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1016/j.comnet.2016.05.021 | Computer Networks |
Keywords | Field | DocType |
Anomaly detection,Ensemble systems,Positive unlabeled data,Accuracy at top | Security domain,Small number,Anomaly detection,Data mining,Software deployment,Pattern recognition,Convex combination,Computer science,Artificial intelligence,Network data,Detector,Intrusion detection system | Journal |
Volume | Issue | ISSN |
107 | P1 | 1389-1286 |
Citations | PageRank | References |
3 | 0.38 | 21 |
Authors | ||
2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Martin Grill | 1 | 101 | 10.79 |
Tomás Pevný | 2 | 161 | 13.21 |