System logs record detailed information about system operation and are important for analyzing the system's operational status performance. Rapid accurate detection of anomalies is great significance to ensure stability. However, large-scale distributed systems becoming more complex, number gradually increases, which brings challenges analyze logs. Some recent studies show that can be unstable ...

Anomaly detection, detection of deviations from what is considered normal, is an important complement to misuse detection based on attack signatures. Anomaly detection in real-time places hard requirements on the algorithms used, making many proposed data mining techniques less suitable. ADWICE (Anomaly Detection With fast Incremental Clustering) uses the first phase of the existing BIRCH clust...

Misuse detection method and anomaly detection method are widely used for the detection of malicious web pages. Both are based on machine learning. Misuse detection can detect known malicious web pages, but it cannot detect new ones. In contrast, anomaly detection can detect unknown malicious web pages, but it has a high false positive rate. In order to achieve a high detection rate through prec...

Anomaly detection is an important problem with multiple applications, and thus has been studied for decades in various research domains. In the past decade there has been a growing interest in anomaly detection in data represented as networks, or graphs, largely because of their robust expressiveness and their natural ability to represent complex relationships. Originally, techniques focused on...

The spatial-temporal correlation is an important feature of sensor data in wireless sensor networks (WSNs). Most of the existing works based on the spatial-temporal correlation can be divided into two parts: redundancy reduction and anomaly detection. These two parts are pursued separately in existing works. In this work, the combination of temporal data-driven sleep scheduling (TDSS) and spati...

In recent years, with the rapid development of Internet technology, number credit card users has increased significantly. Subsequently, fraud caused a large amount economic losses to individual and related financial enterprises. At present, traditional machine learning methods (such as SVM, random forest, Markov model, etc.) have been widely studied in detection, but these are often difficulty ...

This paper presents a distributed hierarchical multiagent architecture for detecting SQL injection attacks against databases. It uses a novel strategy, which is supported by a Case-Based Reasoning mechanism, which provides to the classifier agents with a great capacity of learning and adaptation to face this type of attack. The architecture combines strategies of intrusion detection systems suc...

Anomaly based network intrusion detection (ANID) is an important problem that has been researched within diverse research areas and various application domains. Several anomaly based network intrusion detection systems (ANIDS) can be found in the literature. Most ANIDSs employ supervised algorithms, whose performances highly depend on attack-free training data. However, this kind of training da...

Anomaly detection is a concept widely applied to numerous domains. Several techniques of anomaly detection have been developed over the years, in practice as well as research. The application of this concept has extended to diverse areas, from network intrusion detection to novelty detection in robot behavior. In the business world, the application of these techniques to fraud detection is of a...

A new concept targeted to decrease false positive rates of anomaly based intrusion detection operating in the system call domain is proposed. To mitigate false positives, network based correlation of collected anomalies from different hosts is suggested, as well as a new means of host-based anomaly detection. The concept of anomaly propagation is based on the premise that false alarms do not pr...