Ensemble of Feature Chains for Anomaly Detection

  • Lena Tenenboim-Chekina
  • Lior Rokach
  • Bracha Shapira
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7872)


Along with recent technological advances more and more new threats and advanced cyber-attacks appear unexpectedly. Developing methods which allow for identification and defense against such unknown threats is of great importance. In this paper we propose new ensemble method (which improves over the known cross-feature analysis, CFA, technique) allowing solving anomaly detection problem in semi-supervised settings using well established supervised learning algorithms. Theoretical correctness of the proposed method is demonstrated. Empirical evaluation results on Android malware datasets demonstrate effectiveness of the proposed approach and its superiority against the original CFA detection method.


ensemble methods machine learning anomaly detection probabilistic methods network monitoring Android malware 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: A survey. ACM Comput. Surv. 41(3), 1–58 (2009)CrossRefGoogle Scholar
  2. 2.
    Huang, Y.A., Fan, W., Lee, W., Yu, P.S.: Cross-feature analysis for detecting ad-hoc routing anomalies. In: IEEE 23rd Int. Conf. on Distributed Computing Systems, pp. 478–487 (2003)Google Scholar
  3. 3.
    Read, J., Pfahringer, B., Holmes, G., Frank, E.: Classifier Chains for Multi-label Classification. In: Buntine, W., Grobelnik, M., Mladenić, D., Shawe-Taylor, J. (eds.) ECML PKDD 2009, Part II. LNCS, vol. 5782, pp. 254–269. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
  5. 5.
  6. 6.
    Noto, K., Brodley, C., Slonim, D.: Anomaly detection using an ensemble of feature models. In: Proc. of the 10th IEEE International Conf. on Data Mining, pp. 953–958 (2010)Google Scholar
  7. 7.
    Ye, N., Xu, M., Emran, S.M.: Probabilistic networks with undirected links for anomaly detection. In: Proceedings of the IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop, West Point, NY, pp. 175–179 (2000)Google Scholar
  8. 8.
    Rokach, L., Maimon, O.: Ensemble Methods for Classifiers. In: Data Mining and Knowledge Discovery Handbook. Springer US (2005)Google Scholar
  9. 9.
    Weka 3: Data Mining Software in Java,
  10. 10.
    Rodriguez, J.J., Kuncheva, L.I., Alonso, C.J.: Rotation Forest: A New Classifier Ensemble Method. IEEE Transactions on Pattern Analysis and Machine Intelligence 28(10), 1619–1630 (2006)CrossRefGoogle Scholar
  11. 11.
    Demsar, J.: Statistical comparisons of classifiers over multiple data sets. Journal of Machine Learning Research 7, 1–30 (2006)MathSciNetzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Lena Tenenboim-Chekina
    • 1
  • Lior Rokach
    • 1
  • Bracha Shapira
    • 1
  1. 1.Department of Information Systems Eng. and Telekom Innovation LaboratoriesBen-Gurion University of the NegevIsrael

Personalised recommendations