Name
Title | ||
|---|---|---|
Reducing false positives of network anomaly detection by local adaptive multivariate smoothing. |
Abstract | ||
|---|---|---|
Network intrusion detection systems based on the anomaly detection paradigm have high false alarm rate making them difficult to use. To address this weakness, we propose to smooth the outputs of anomaly detectors by online Local Adaptive Multivariate Smoothing (LAMS). LAMS can reduce a large portion of false positives introduced by the anomaly detection by replacing the anomaly detector's output on a network event with an aggregate of its output on all similar network events observed previously. The arguments are supported by extensive experimental evaluation involving several anomaly detectors in two domains: NetFlow and proxy logs. Finally, we show how the proposed solution can be efficiently implemented to process large streams of non-stationary data. |
Year | DOI | Venue |
|---|---|---|
2017 | 10.1016/j.jcss.2016.03.007 | Journal of Computer and System Sciences |
Keywords | Field | DocType |
Network anomaly detection,Regression smoothing,False positive rate reduction | Data mining,Anomaly detection,Network intrusion detection,Multivariate statistics,NetFlow,Smoothing,Constant false alarm rate,Detector,Mathematics,False positive paradox | Journal |
Volume | Issue | ISSN |
83 | 1 | 0022-0000 |
Citations | PageRank | References |
6 | 0.40 | 23 |
Authors | ||
3 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Martin Grill | 1 | 101 | 10.79 |
| Tomás Pevný | 2 | 161 | 13.21 |
| Martin Rehak | 3 | 251 | 28.57 |