Quantitative Comparison of Unsupervised Anomaly Detection Algorithms for Intrusion Detection / Filipe Falcao, Tommaso Zoppi, Caio Barbosa, Anderson Santos, Baldoino Fonseca, Andrea Ceccarelli, Andrea Bondavalli. - ELECTRONIC. - (2019), pp. 318-327. (Paper presented at the ACM SYMPOSIUM ON APPLIED COMPUTING conference held in Limassol, Cyprus, 8-12/4/2019) [10.1145/3297280.3297314].
Quantitative Comparison of Unsupervised Anomaly Detection Algorithms for Intrusion Detection
Falcão Batista dos Santos, FILIPE; Tommaso Zoppi; BARBOSA VIEIRA DA SILVA, CAIO; SANTOS DA SILVA, ANDERSON; FONSECA DOS SANTOS NETO, BALDOINO; Andrea Ceccarelli; Andrea Bondavalli
2019
Abstract
Anomaly detection algorithms aim at identifying unexpected fluctuations in the expected behavior of target indicators, and, when applied to intrusion detection, suspect attacks whenever the above deviations are observed. Through years, several of such algorithms have been proposed, evaluated experimentally, and analyzed in qualitative and quantitative surveys. However, the experimental comparison of a comprehensive set of algorithms for anomaly-based intrusion detection against a comprehensive set of attacks datasets and attack types was not investigated yet. To fill such gap, in this paper we experimentally evaluate a pool of twelve unsupervised anomaly detection algorithms on five attacks datasets. Results allow elaborating on a wide range of arguments, from the behavior of the individual algorithm to the suitability of the datasets to anomaly detection. We identify the families of algorithms that are more effective for intrusion detection, and the families that are more robust to the choice of configuration parameters. Further, we confirm experimentally that attacks with unstable and non-repeatable behavior are more difficult to detect, and that datasets where anomalies are rare events usually result in better detection scores.

File | Size | Format | |
---|---|---|---|
3297280.3297314.pdf (Closed access; Description: Publisher's file, not public; Type: Publisher's PDF (Version of record); License: All rights reserved) | 1.1 MB | Adobe PDF | Request a copy |
SAC_CameraReady.pdf (Open access; Description: Pre-print, open access; Type: Publisher's PDF (Version of record); License: All rights reserved) | 456.54 kB | Adobe PDF | |
Documents in FLORE are protected by copyright and all rights are reserved, unless otherwise indicated.