- Title
The importance of generalizability for anomaly detection.
- Authors
Peterson, Gilbert; McBride, Brent
- Abstract
In security-related areas there is concern over novel “zero-day” attacks that penetrate system defenses and wreak havoc. The best methods for countering these threats are recognizing “nonself” as in an Artificial Immune System or recognizing “self” through clustering. For either case, the concern remains that something that appears similar to self could be missed. Given this situation, one could incorrectly assume that a preference for a tighter fit to self over generalizability is important for false positive reduction in this type of learning problem. This article confirms that in anomaly detection as in other forms of classification a tight fit, although important, does not supersede model generality. This is shown using three systems each with a different geometric bias in the decision space. The first two use spherical and ellipsoid clusters with a k-means algorithm modified to work on the one-class/blind classification problem. The third is based on wrapping the self points with a multidimensional convex hull (polytope) algorithm capable of learning disjunctive concepts via a thresholding constant. All three of these algorithms are tested using the Voting dataset from the UCI Machine Learning Repository, the MIT Lincoln Labs intrusion detection dataset, and the lossy-compressed steganalysis domain.
- Subjects
ANOMALY detection (Computer security); SPHERICAL data; LEARNING problems; ALGORITHMS; POLYTOPES
- Publication
Knowledge & Information Systems, 2008, Vol 14, Issue 3, p377
- ISSN
0219-1377
- Publication type
Article
- DOI
10.1007/s10115-007-0072-8