Anomaly-based network Intrusion Detection Systems (IDS) are valuable tools for the defense-in-depth of computer networks. Unsupervised or unlabeled learning approaches for network anomaly detection have been recently proposed. Such anomaly-based network IDS are able to detect (unknown) zero-day attacks, although much care has to be dedicated to controlling the amount of false positives generate...

Intrusion Detection Systems (IDS) are software or hardware systems, which automatically monitor network traffic looking for suspicious signs of intrusions. Their aim is to recognise already on-going attacks, and possibly block them, in co-operation with other tools like firewalls, as well. According to data processing, one family of IDS-s is anomaly based intrusion detection systems, which assu...

In this paper a novel hybrid model is being proposed for misuse and anomaly detection. C4.5 based binary decision trees are used for misuse and CBA (Classification Based Association) based classifier is used for anomaly detection. Firstly, the C4.5 based decision tree separates the network traffic into normal and attack categories. The normal traffic is sent to anomaly detector and parallel att...

Nowadays the use of hyperspectral imagery specifically automatic target detection algorithms for these images is a relatively exciting area of research. An important challenge of hyperspectral target detection is to detect small targets without any prior knowledge, particularly when the interested targets are insignificant with low probabilities of occurrence. The specific characteristic of ano...

This paper presents an overview of anomaly detection algorithms and methodology, focusing on the context of banking operations applications. The main principles of anomaly detection are first presented, followed by listing some of the areas in banking that can benefit from anomaly detection. We then discuss traditional nearest-neighbor and clustering-based approaches. Time series and other sequ...

The detection of outliers has gained considerable interest in data mining with the realization that outliers can be the key discovery to be made from very large databases. Outliers arise due to various reasons such as mechanical faults, changes in system behavior, fraudulent behavior, human error and instrument error. Indeed, for many applications the discovery of outliers leads to more interes...

Since the early days of research on Intrusion Detection, anomaly-based approaches have been proposed to detect intrusion attempts. Attacks are detected as anomalies when compared to a model of normal (legitimate) events. Anomaly-based approaches typically produce a relatively large number of false alarms compared to signature-based IDS. However, anomaly-based IDS are able to detect never-before...

This paper presents a statistical anomaly detection algorithm based on Markov chains. Our algorithm can be directly applied for intrusion detection by discovering anomalous activities. Our framework for constructing anomaly detectors is very general and can be used by other researchers for constructing Markov-chain-based anomaly detectors. We also present performance metrics for evaluating the ...

Anomaly-based intrusion detection is about discrimination of malicious and legitimate patterns of activities (system or user-driven) in variables characterizing system normality. Due to the nonstationarity and increasingly complexity of today’s computer systems, perfect normality characterization is always deemed to be an unreachable goal for any anomaly detection model. Because of the same rea...