Anomaly Detection Using Time Index Differences of Identical Symbols with and without Training Data

  • Conference paper
Advanced Data Mining and Applications (ADMA 2009)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 5678)

Abstract

Anomaly detection or novelty detection has emerged as a powerful tool for masquerade detection during the past decade. However, the strong dependence of previous methods on uncontaminated training data is a matter of concern. We introduce a novel masquerade detection algorithm based on a statistical test for system parameter drift of time series data. The approach presented may exploit attack-free training data if provided, but is not dependent on it. It transforms the string of commands into a symbol sequence and then uses, for the symbol found at a particular index, the average time index difference to identical symbols as the feature for anomaly detection. We evaluated the method using the standard data set provided by Schonlau et al., both including and excluding the use of training data. We report the results achieved with and without training data, and compare them to the results attained by several conventional methods using training data.
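The feature the abstract sketches, the average time index difference between a symbol and the identical symbols that precede it, can be made concrete in a few lines. The following Python is an added illustration, not the authors' code: it scores a constructed command session in fixed-length blocks (the Schonlau data set is likewise scored block by block), and it substitutes a plain z-score against a reference set for the paper's statistical drift test. The per-block windowing, the default distance assigned to a command with no earlier twin in its block, the block size of 10 and the 3-sigma threshold are all assumptions of this example. The two calls at the bottom show the two modes named in the abstract: a fixed reference built from trusted training blocks, and an online reference built only from earlier, unflagged blocks when no training data is available.

```python
"""Toy scorer for the feature sketched in the abstract: for the command at a
given index, the average time-index difference to identical commands.
Added illustration only; the per-block windowing, the default distance for a
command with no earlier twin, and the z-score drift rule are assumptions
standing in for the paper's statistical test, not the authors' method."""
from collections import defaultdict
from statistics import mean, pstdev


def symbolize(commands):
    """Map each distinct command string to an integer symbol (first-seen order)."""
    table = {}
    return [table.setdefault(c, len(table)) for c in commands]


def index_differences(symbols, default):
    """Feature per position i: mean of (i - j) over earlier positions j holding the
    same symbol; `default` when the symbol has not occurred earlier (assumption)."""
    seen = defaultdict(list)
    feats = []
    for i, s in enumerate(symbols):
        earlier = seen[s]
        feats.append(sum(i - j for j in earlier) / len(earlier) if earlier else float(default))
        earlier.append(i)
    return feats


def block_scores(commands, block_size):
    """Mean feature value per fixed-length block; each block is scored on its own
    (no look-back across the block boundary, an assumption of this example)."""
    symbols = symbolize(commands)
    scores = []
    for start in range(0, len(symbols), block_size):
        block = symbols[start:start + block_size]
        scores.append(sum(index_differences(block, len(block))) / len(block))
    return scores


def flag_blocks(scores, training_blocks=None, threshold=3.0, min_reference=3):
    """Flag blocks whose score lies more than `threshold` standard deviations from
    the reference. With training_blocks=N the first N blocks are trusted as
    attack-free training data and form a fixed reference; with None there is no
    training data and the reference is every earlier block not already flagged."""
    flagged = []
    for k, score in enumerate(scores):
        if training_blocks is not None:
            if k < training_blocks:
                continue
            reference = scores[:training_blocks]
        else:
            reference = [scores[j] for j in range(k) if j not in flagged]
        if len(reference) < min_reference:
            continue
        mu, sigma = mean(reference), pstdev(reference)
        # a zero-variance reference flags any departure from the constant value
        if abs(score - mu) > threshold * sigma:
            flagged.append(k)
    return flagged


# Constructed session: three habitual edit/build rhythms, one block of commands
# never seen before (block 6), then the habitual rhythm again.
_RHYTHM_A = "ls cd vi make gcc ls cd vi make gcc".split()
_RHYTHM_B = "ls cd vi ls cd vi ls cd vi make".split()
_RHYTHM_C = "ls cd vi make ls cd vi make ls cd".split()
_ODD_BLOCK = "tar gzip scp find awk sed du df who w".split()
SAMPLE_COMMANDS = (_RHYTHM_A + _RHYTHM_B + _RHYTHM_C) * 2 + _ODD_BLOCK + _RHYTHM_A
BLOCK_SIZE = 10

if __name__ == "__main__":
    scores = block_scores(SAMPLE_COMMANDS, BLOCK_SIZE)
    print("block scores:", [round(s, 2) for s in scores])
    print("flagged with training data   :", flag_blocks(scores, training_blocks=6))
    print("flagged without training data:", flag_blocks(scores))
```

Habitual blocks score between 6.25 and 7.5 because their commands recur at short distances, while the block of unfamiliar commands scores the maximum of 10.0 since nothing in it has an earlier twin. Both modes flag block 6 and nothing else. The online mode deliberately drops flagged blocks from its reference so that one anomalous block does not widen the reference variance and mask the next one; that exclusion is what keeps a training-free reference from being contaminated by the very behaviour it is meant to catch.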

References

  1. Cover, T., Thomas, J.: Elements of Information Theory. Wiley & Sons, Chichester (2006)
  2. Yamanishi, K., Takeuchi, J.: A Unifying Framework for Detecting Outliers and Change Points From Time Series. IEEE Transactions on Knowledge and Data Engineering 18(4), 482–492 (2006)
  3. Clifton, et al.: Combined Support Vector Novelty Detection for Multi-channel Combustion Data. In: IEEE International Conference on Networking, Sensing and Control, pp. 495–500 (2007)
  4. Zhang, J., Zulkernine, M.: Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection. In: IEEE International Conference on Communications, pp. 2388–2393 (2006)
  5. Kwitt, R., Hofmann, U.: Unsupervised Anomaly Detection in Network Traffic by Means of Robust PCA. In: IEEE International Multi-Conference on Computing in the Global Information Technology, pp. 10–13 (2007)
  6. Schonlau, M., DuMouchel, W., Ju, W., Karr, A., Theus, M., Vardi, Y.: Computer intrusion: Detecting masquerades. Statistical Science 16(1), 58–74 (2001)
  7. Wang, K., Stolfo, S.: One Class Training for Masquerade Detection. In: ICDM Workshop on Data Mining for Computer Security, pp. 1–10 (2003)
  8. Li, Z., Li, Z., Liu, B.: Masquerade Detection System Based on Correlation Eigen Matrix and Support Vector Machine. In: CIS Conference, pp. 625–628 (2006)
  9. Oka, M., Kato, K.: Anomaly Detection Using Integration Model of Vector Space and Network Representation. Information Processing Society of Japan Digital Courier 3, 269–279 (2007)
  10. Yamanishi, K., Maruyama, Y.: Dynamic Model Selection with its Applications to Novelty Detection. IEEE Transactions on Information Theory 53(6), 2180–2189 (2007)
  11. Eskin, E., Arnold, A., Prerau, M., Portnoy, M., Stolfo, S.: A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data. In: Applications of Data Mining in Computer Security, ch. 4. Kluwer, Dordrecht (2002)
  12. Tandon, G., Chan, P., Mitra, D.: Data Cleaning and Enriched Representations for Anomaly Detection in System Calls. In: Machine Learning and Data Mining for Computer Security - Methods and Applications, pp. 137–156. Springer, Heidelberg (2006)
  13. Kennel, M.: Statistical Test for Dynamical Nonstationarity in Observed Time-Series Data. Physical Review E 56, 316–321 (1997)

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Skudlarek, S.J., Yamamoto, H. (2009). Anomaly Detection Using Time Index Differences of Identical Symbols with and without Training Data. In: Huang, R., Yang, Q., Pei, J., Gama, J., Meng, X., Li, X. (eds) Advanced Data Mining and Applications. ADMA 2009. Lecture Notes in Computer Science, vol 5678. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03348-3_64

  • DOI: https://doi.org/10.1007/978-3-642-03348-3_64

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03347-6

  • Online ISBN: 978-3-642-03348-3

  • eBook Packages: Computer Science (R0)