A refined filter for UHAD to improve anomaly detection
Filtering is used in intrusion detection to remove the insignificant events from a log to facilitate the analysis method to focus on the significant events and to minimize processing overhead. Generally, filtering is performed using filtering rules, which are framed using a set of data training data...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
John Wiley & Sons
2016
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/54906/1/A%20refined%20filter%20for%20UHAD%20to%20improve%20anomaly%20detection.pdf http://psasir.upm.edu.my/id/eprint/54906/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Putra Malaysia |
| Language: | English |
| id |
my.upm.eprints.54906 |
|---|---|
| record_format |
eprints |
| spelling |
my.upm.eprints.549062018-06-12T02:51:56Z http://psasir.upm.edu.my/id/eprint/54906/ A refined filter for UHAD to improve anomaly detection Hajamydeen, Asif Iqbal Udzir, Nur Izura Filtering is used in intrusion detection to remove the insignificant events from a log to facilitate the analysis method to focus on the significant events and to minimize processing overhead. Generally, filtering is performed using filtering rules, which are framed using a set of data training data, or the known facts on anomalous events. This knowledge-dependent nature confines the filterer to filter-in only the recognized anomalies in the logs, making the rest unavailable for further scrutiny. This problem has been addressed earlier by designing a filterer that manipulates the tested log data based on the patterns and volume of events to calculate the filtering threshold. Even though this filtering threshold was able to retain the anomalous events in most heterogeneous logs, it failed when such events were of high volume and also due to the inaccuracies in cluster formation. Therefore, this paper proposes a refined filterer for unsupervised heterogeneous anomaly detection that retains most anomalous events irrespective of its volume in the logs and also discusses the impact of the refined filterer in supporting the detection. The experiment conducted reveals that the refined filterer retained almost all the abnormal events thereby enabling the detection of maximum anomalies. John Wiley & Sons 2016-06-27 Article PeerReviewed text en http://psasir.upm.edu.my/id/eprint/54906/1/A%20refined%20filter%20for%20UHAD%20to%20improve%20anomaly%20detection.pdf Hajamydeen, Asif Iqbal and Udzir, Nur Izura (2016) A refined filter for UHAD to improve anomaly detection. Security and Communication Networks, 9 (14). pp. 2434-2447. ISSN 1939-0122 10.1002/sec.1514 |
| institution |
Universiti Putra Malaysia |
| building |
UPM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Putra Malaysia |
| content_source |
UPM Institutional Repository |
| url_provider |
http://psasir.upm.edu.my/ |
| language |
English |
| description |
Filtering is used in intrusion detection to remove the insignificant events from a log to facilitate the analysis method to focus on the significant events and to minimize processing overhead. Generally, filtering is performed using filtering rules, which are framed using a set of data training data, or the known facts on anomalous events. This knowledge-dependent nature confines the filterer to filter-in only the recognized anomalies in the logs, making the rest unavailable for further scrutiny. This problem has been addressed earlier by designing a filterer that manipulates the tested log data based on the patterns and volume of events to calculate the filtering threshold. Even though this filtering threshold was able to retain the anomalous events in most heterogeneous logs, it failed when such events were of high volume and also due to the inaccuracies in cluster formation. Therefore, this paper proposes a refined filterer for unsupervised heterogeneous anomaly detection that retains most anomalous events irrespective of its volume in the logs and also discusses the impact of the refined filterer in supporting the detection. The experiment conducted reveals that the refined filterer retained almost all the abnormal events thereby enabling the detection of maximum anomalies. |
| format |
Article |
| author |
Hajamydeen, Asif Iqbal Udzir, Nur Izura |
| spellingShingle |
Hajamydeen, Asif Iqbal Udzir, Nur Izura A refined filter for UHAD to improve anomaly detection |
| author_facet |
Hajamydeen, Asif Iqbal Udzir, Nur Izura |
| author_sort |
Hajamydeen, Asif Iqbal |
| title |
A refined filter for UHAD to improve anomaly detection |
| title_short |
A refined filter for UHAD to improve anomaly detection |
| title_full |
A refined filter for UHAD to improve anomaly detection |
| title_fullStr |
A refined filter for UHAD to improve anomaly detection |
| title_full_unstemmed |
A refined filter for UHAD to improve anomaly detection |
| title_sort |
refined filter for uhad to improve anomaly detection |
| publisher |
John Wiley & Sons |
| publishDate |
2016 |
| url |
http://psasir.upm.edu.my/id/eprint/54906/1/A%20refined%20filter%20for%20UHAD%20to%20improve%20anomaly%20detection.pdf http://psasir.upm.edu.my/id/eprint/54906/ |
| _version_ |
1643835741997891584 |