Immunity-based Dynamic Anomaly Detection Method
In many of actual anomaly detection systems, the training data is only partially composed by the normal elements; simultaneously, self and non-self space often vary over time, so these systems often build profiles based on some of self elements and adjust themselves to adapt network varieties. However, these techniques need a large number of self elements to build the profile and lack adaptability. Aiming at the problems of traditional techniques, an immunity-based dynamic method for network anomaly detection, referred to as IDAD, is proposed in this paper. IDAD builds an appropriate profile using only a subset of normal elements and adapts the varieties of self and non-self space, which adjust adaptively the self radius, the detection radius, and numbers of detectors to amend the built profile. The experiment results show that IDAD is an efficient solution to anomaly detection, and has the features of high detection rate, low false alarm rate, self-learning, and adaptation.
Immunity network security anomaly detection
Feixian Sun Qiusheng Zheng Feixian Sun Tao Li
School of Computer Science Zhongyuan University of Technology Zhengzhou, China School of Computer Science Sichuan University Chengdu, China
国际会议
上海
英文
644-647
2008-05-16(万方平台首次上网日期,不代表论文的发表时间)