Title
Quantitative comparison of unsupervised anomaly detection algorithms for intrusion detection.
Abstract
Anomaly detection algorithms aim at identifying unexpected fluctuations in the expected behavior of target indicators, and, when applied to intrusion detection, suspect attacks whenever the above deviations are observed. Through years, several of such algorithms have been proposed, evaluated experimentally, and analyzed in qualitative and quantitative surveys. However, the experimental comparison of a comprehensive set of algorithms for anomaly-based intrusion detection against a comprehensive set of attacks datasets and attack types was not investigated yet. To fill such gap, in this paper we experimentally evaluate a pool of twelve unsupervised anomaly detection algorithms on five attacks datasets. Results allow elaborating on a wide range of arguments, from the behavior of the individual algorithm to the suitability of the datasets to anomaly detection. We identify the families of algorithms that are more effective for intrusion detection, and the families that are more robust to the choice of configuration parameters. Further, we confirm experimentally that attacks with unstable and non-repeatable behavior are more difficult to detect, and that datasets where anomalies are rare events usually result in better detection scores.
Year: 2019
DOI: 10.1145/3297280.3297314
Venue: SAC
Keywords: anomaly detection, attack model, attacks datasets, comparison, intrusion detection, unsupervised algorithms
Field: Anomaly detection, Attack model, Computer science, Algorithm, Intrusion detection system, Rare events
DocType: Conference
ISBN: 978-1-4503-5933-7
Citations: 2
PageRank: 0.40
References: 0
Authors: 7
Name                        Order  Citations  PageRank
Filipe Falcão               1      2          0.40
Tommaso Zoppi               2      25         8.74
Caio Barbosa Viera Silva    3      2          0.40
a r santos                  4      5          1.19
Baldoino Fonseca            5      103        16.57
Andrea Ceccarelli           6      172        32.69
Andrea Bondavalli           7      886        133.06