Oct/09

What are the challenges of computer network anomaly detection?

No comments · Posted by Alex in Networking

It is almost impossible to model every normal behavior. Also, definition of normal and anomalous is not precise.
Intrusion/malicious attacks try to make their behavior looks like normal.
State of normal is changing over time.
Anomaly is defined differently over different application. (medical, education, stock market, etc.)
Lack of validation data
Noise in the data makes detection more difficult.

Summary from Anomaly Detection: A Survey

1541882

Anomaly detection: A survey (article)

Author

Chandola, Varun and Banerjee, Arindam and Kumar, Vipin

Journal

ACM Comput. Surv.

Year

2009

Volume

41

Number

3

Pages

1–58

Address

New York, NY, USA

Date-Added

2009-10-19 15:26:32 +1300

Date-Modified

2009-10-19 15:26:32 +1300

Doi

http://doi.acm.org/10.1145/1541880.1541882

Issn

0360-0300

Publisher

ACM

@article{1541882,

Address = {New York, NY, USA},

Author = {Chandola, Varun and Banerjee, Arindam and Kumar, Vipin},

Date-Added = {2009-10-19 15:26:32 +1300},

Date-Modified = {2009-10-19 15:26:32 +1300},

Doi = {http://doi.acm.org/10.1145/1541880.1541882},

Issn = {0360-0300},

Journal = {ACM Comput. Surv.},

Number = {3},

Pages = {1–58},

Publisher = {ACM},

Title = {Anomaly detection: A survey},

Volume = {41},

Year = {2009},

Bdsk-File-1 = {YnBsaXN0MDDUAQIDBAUIJidUJHRvcFgkb2JqZWN0c1gkdmVyc2lvblkkYXJjaGl2ZXLRBgdUcm9vdIABqAkKFRYXGyIjVSRudWxs0wsMDQ4RFFpOUy5vYmplY3RzV05TLmtleXNWJGNsYXNzog8QgASABqISE4ACgAOAB1lhbGlhc0RhdGFccmVsYXRpdmVQYXRo0hgNGRpXTlMuZGF0YU8RAbAAAAAAAbAAAgAADE1hY2ludG9zaCBIRAAAAAAAAAAAAAAAAAAAAMSis9dIKwAAABLceRBhMTUtY2hhbmRvbGEucGRmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqOFQxwI13wAAAAAAAAAAAAEAAwAACSAAAAAAAAAAAAAAAAAAAAARYW5vbWFseSBkZXRlY3Rpb24AABAACAAAxKILFwAAABEACAAAxwF/DwAAAAEAEAAS3HkAC6OWAAujfwAAev4AAgBETWFjaW50b3NoIEhEOlVzZXJzOmFsZXg6RG9jdW1lbnRzOmFub21hbHkgZGV0ZWN0aW9uOmExNS1jaGFuZG9sYS5wZGYADgAiABAAYQAxADUALQBjAGgAYQBuAGQAbwBsAGEALgBwAGQAZgAPABoADABNAGEAYwBpAG4AdABvAHMAaAAgAEgARAASADdVc2Vycy9hbGV4L0RvY3VtZW50cy9hbm9tYWx5IGRldGVjdGlvbi9hMTUtY2hhbmRvbGEucGRmAAATAAEvAAAVAAIAC///AACABdIcHR4fWCRjbGFzc2VzWiRjbGFzc25hbWWjHyAhXU5TTXV0YWJsZURhdGFWTlNEYXRhWE5TT2JqZWN0XxAiYW5vbWFseSBkZXRlY3Rpb24vYTE1LWNoYW5kb2xhLnBkZtIcHSQloiUhXE5TRGljdGlvbmFyeRIAAYagXxAPTlNLZXllZEFyY2hpdmVyAAgAEQAWAB8AKAAyADUAOgA8AEUASwBSAF0AZQBsAG8AcQBzAHYAeAB6AHwAhgCTAJgAoAJUAlYCWwJkAm8CcwKBAogCkQK2ArsCvgLLAtAAAAAAAAACAQAAAAAAAAAoAAAAAAAAAAAAAAAAAAAC4g==}}

No tags

yuwei.net.nz | Bits of what I am doing

What I'm Doing...

Where am I?

Flickr

Friends

Meta

What are the challenges of computer network anomaly detection?

No comments yet.

Leave a Reply

Find it!

Archives