Adaptive anomaly detection with evolving connectionist systems

Bibliographic Details
Published in: Journal of network and computer applications, Vol. 30, no. 1, pp. 60-80
Main Authors: Liao, Yihua; Vemuri, V. Rao; Pasos, Alejandro
Format: Journal Article; Conference Proceeding
Language: English
Published: London, Elsevier Ltd, 2007
Elsevier
Summary: Anomaly detection holds great potential for detecting previously unknown attacks. In order to be effective in a practical environment, anomaly detection systems have to be capable of online learning and handling concept drift. In this paper, a new adaptive anomaly detection framework, based on the use of unsupervised evolving connectionist systems, is proposed to address these issues. It is designed to adapt to normal behavior changes while still recognizing anomalies. The evolving connectionist systems learn a subject's behavior in an online, adaptive fashion through efficient local element tuning. Experiments with the KDD Cup 1999 network data and the Windows NT user profiling data show that our adaptive anomaly detection systems, based on Fuzzy Adaptive Resonance Theory (ART) and Evolving Fuzzy Neural Networks (EFuNN), can significantly reduce the false alarm rate while the attack detection rate remains high.
ISSN: 1084-8045, 1095-8592
DOI: 10.1016/j.jnca.2005.08.005