Abstract
Anomaly detection or novelty detection has emerged as a powerful tool for masquerade detection during the past decade. However, the strong dependence of previous methods on uncontaminated training data is a matter of concern. We introduce a novel masquerade detection algorithm based on a statistical test for system parameter drift in time series data. The approach presented may exploit attack-free training data if provided, but is not dependent on it. It transforms the string of commands into a symbol sequence and, for anomaly detection, uses the average time index difference between the symbol at a given index and the other occurrences of that same symbol. We evaluated the method using the standard data set provided by Schonlau et al., both including and excluding the use of training data. We report the results achieved with and without training data, and compare them to the results attained by several conventional methods using training data.
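To make the feature described in the abstract concrete, the following added example (not the paper's code) maps a command sequence to symbols, computes for each index the average time index difference to the other occurrences of the same symbol, and aggregates it per block; the paper's statistical drift test is not reproduced here, so a plain z-score against the baseline blocks stands in for it, and the block length of 8 and the command vocabularies are constructed for the demonstration.

```python
from collections import defaultdict
from statistics import mean, pstdev


def avg_time_index_differences(symbols):
    """For each index i, the average |i - j| over every other index j that holds
    the same symbol as symbols[i]; None when the symbol occurs only once."""
    positions = defaultdict(list)
    for i, s in enumerate(symbols):
        positions[s].append(i)
    feats = []
    for i, s in enumerate(symbols):
        others = [abs(i - j) for j in positions[s] if j != i]
        feats.append(mean(others) if others else None)
    return feats


def block_scores(symbols, block_len):
    """Mean feature over consecutive blocks of block_len commands, skipping
    indices whose symbol never repeats."""
    feats = avg_time_index_differences(symbols)
    scores = []
    for start in range(0, len(feats), block_len):
        vals = [f for f in feats[start:start + block_len] if f is not None]
        scores.append(mean(vals) if vals else float("nan"))
    return scores


def flag_drift(scores, n_baseline, z_thresh=3.0):
    """Flag blocks whose score lies more than z_thresh standard deviations from
    the mean of the first n_baseline blocks. Assumption: a plain z-score stands
    in for the paper's drift test, which the abstract does not spell out."""
    base = scores[:n_baseline]
    mu = mean(base)
    sd = pstdev(base) or 1e-9  # guard against a constant baseline
    return [abs(s - mu) / sd > z_thresh for s in scores]


def run_demo():
    # Constructed sample: a user cycling through four commands for 48 entries,
    # followed by 8 commands from a different vocabulary (the masquerade block).
    legit = ["ls", "cd", "vi", "make"] * 12
    masq = ["find", "cat", "sed", "awk"] * 2
    scores = block_scores(legit + masq, block_len=8)
    return flag_drift(scores, n_baseline=6)


if __name__ == "__main__":
    print(run_demo())  # only the final block is flagged
```

Symbols that repeat only within a short span (the injected block) get small index differences, so that block's score falls far below the baseline blocks, which is what the z-score picks up.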
References
Cover, T., Thomas, J.: Elements of Information Theory. Wiley & Sons, Chichester (2006)
Yamanishi, K., Takeuchi, J.: A Unifying Framework for Detecting Outliers and Change Points From Time Series. IEEE Transactions on Knowledge and Data Engineering 18(4), 482–492 (2006)
Clifton, et al.: Combined Support Vector Novelty Detection for Multi-channel Combustion Data. In: IEEE International Conference on Networking, Sensing and Control, pp. 495–500 (2007)
Zhang, J., Zulkernine, M.: Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection. In: IEEE International Conference on Communications, pp. 2388–2393 (2006)
Kwitt, R., Hofmann, U.: Unsupervised Anomaly Detection in Network Traffic by Means of Robust PCA. In: IEEE International Multi-Conference on Computing in the Global Information Technology, pp. 10–13 (2007)
Schonlau, M., DuMouchel, W., Ju, W., Karr, A., Theus, M., Vardi, Y.: Computer intrusion: Detecting masquerades. Statistical Science 16(1), 58–74 (2001)
Wang, K., Stolfo, S.: One Class Training for Masquerade Detection. In: ICDM Workshop on Data Mining for Computer Security, pp. 1–10 (2003)
Li, Z., Li, Z., Liu, B.: Masquerade Detection System Based on Correlation Eigen Matrix and Support Vector Machine. In: CIS Conference, pp. 625–628 (2006)
Oka, M., Kato, K.: Anomaly Detection Using Integration Model of Vector Space and Network Representation. Information Processing Society of Japan Digital Courier 3, 269–279 (2007)
Yamanishi, K., Maruyama, Y.: Dynamic Model Selection with its Applications to Novelty Detection. IEEE Transactions on Information Theory 53(6), 2180–2189 (2007)
Eskin, E., Arnold, A., Prerau, M., Portnoy, M., Stolfo, S.: A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data. In: Applications of Data Mining in Computer Security, ch. 4. Kluwer, Dordrecht (2002)
Tandon, G., Chan, P., Mitra, D.: Data Cleaning and Enriched Representations for Anomaly Detection in System Calls. In: Machine Learning and Data Mining for Computer Security - Methods and Applications, pp. 137–156. Springer, Heidelberg (2006)
Kennel, M.: Statistical Test for Dynamical Nonstationarity in Observed Time-Series Data. Physical Review E 56, 316–321 (1997)
© 2009 Springer-Verlag Berlin Heidelberg
Skudlarek, S.J., Yamamoto, H. (2009). Anomaly Detection Using Time Index Differences of Identical Symbols with and without Training Data. In: Huang, R., Yang, Q., Pei, J., Gama, J., Meng, X., Li, X. (eds) Advanced Data Mining and Applications. ADMA 2009. Lecture Notes in Computer Science, vol 5678. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03348-3_64
DOI: https://doi.org/10.1007/978-3-642-03348-3_64
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03347-6
Online ISBN: 978-3-642-03348-3