Intrusion Detection in Unstructured Contexts Using On-line Clustering and Novelty Detection
DOI:
https://doi.org/10.22456/2175-2745.26211Abstract
The characterization of processes behavior is usually considered whenperforming intrusion detection. Several works characterize specific aspects of systemsand attempt to detect novelties in that context, associating observed anomalies to at-tack events. Such approach is limited or even useless when the observed context isunstructured, i.e. when the monitor generates text-based log files or a variable numberof application attributes. In order to overcome such drawback, this paper considersthe use of single-pass clustering techniques to quantize unstructured data and generatetime series, using algorithms with low computational complexity, applicable in a real-world scenario. Afterward, novelty detection techniques are employed on such seriesto distinguish behavior anomalies, which are associated with intrusions. We evaluatedthe approach using a system characterization dataset and confirmed that it aggregatescontext information to represent the behavior of applications as time series, wherenovelty detection can be successfully performed.Downloads
Download data is not yet available.
Downloads
Published
2013-05-13
How to Cite
Alves Ferreira, E., & Mello, R. F. (2013). Intrusion Detection in Unstructured Contexts Using On-line Clustering and Novelty Detection. Revista De Informática Teórica E Aplicada, 20(2), 155–173. https://doi.org/10.22456/2175-2745.26211
Issue
Section
Regular Papers