Ensemble of Feature Chains for Anomaly Detection
Along with recent technological advances, more and more new threats and advanced cyber-attacks appear unexpectedly. Developing methods that allow for identification of and defense against such unknown threats is of great importance. In this paper we propose a new ensemble method (which improves over the known cross-feature analysis, CFA, technique) that allows solving the anomaly detection problem in semi-supervised settings using well-established supervised learning algorithms. Theoretical correctness of the proposed method is demonstrated. Empirical evaluation results on Android malware datasets demonstrate the effectiveness of the proposed approach and its superiority over the original CFA detection method.
Keywords: ensemble methods, machine learning, anomaly detection, probabilistic methods, network monitoring, Android malware