Current Research and Use of Anomaly Detection

Linkoping, Sweden June 13-June 15

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/WETICE.2005.27

14th IEEE International Workshops on ...

	This Article
	PURCHASE ARTICLE: $0 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Kalle Burbeck

	ASCII Text	x
	Kalle Burbeck, "Current Research and Use of Anomaly Detection," Enabling Technologies, IEEE International Workshops on, pp. 138, 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05), 2005.

	BibTex	x
	@article{ 10.1109/WETICE.2005.27, author = {Kalle Burbeck}, title = {Current Research and Use of Anomaly Detection}, journal ={Enabling Technologies, IEEE International Workshops on}, volume = {0}, year = {2005}, issn = {1524-4547}, pages = {138}, doi = {http://doi.ieeecomputersociety.org/10.1109/WETICE.2005.27}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Enabling Technologies, IEEE International Workshops on TI - Current Research and Use of Anomaly Detection SN - 1524-4547 SP EP A1 - Kalle Burbeck, PY - 2005 KW - null VL - 0 JA - Enabling Technologies, IEEE International Workshops on ER -

Kalle Burbeck, Linkoping University

Anomaly detection in IP networks, detection of deviations from what is considered normal, is an important complement to misuse detection based on known attack descriptions. Anomaly detection is at present time often implemented to some extent in available intrusion detection products. Still much effort is spent on anomaly detection research and many problems remains to be explored.

Performing anomaly detection in real-time places hard requirements on the algorithms used. First, to deal with the massive data volumes one needs to have efficient data structures and indexing mechanisms. Secondly, the dynamic nature of today's information networks makes the characterization of normal requests and services difficult. What is considered as normal during some time interval may be classified as abnormal in a new context, and vice versa. These factors make many proposed data mining techniques less suitable for real-time intrusion detection.

Citation:

Kalle Burbeck, "Current Research and Use of Anomaly Detection," wetice, pp.138, 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.