Quantitative comparison of unsupervised anomaly detection algorithms for intrusion detection

Research Area: Uncategorized
Year: 2019
Type of Publication: In Proceedings
Authors: Filipe Falcao; Tommaso Zoppi; Andrea Ceccarelli; Caio Barbosa; Anderson Santos; Baldoino Fonseca; Andrea Bondavalli
Book title: Symposium on Applied Computing (SAC19) - DADS Track
ISBN: 978-145035933-7
Anomaly detection algorithms aim at identifying unexpected fluctuations in the expected behavior of target indicators and, when applied to intrusion detection, suspect attacks whenever such deviations are observed. Over the years, several such algorithms have been proposed, evaluated experimentally, and analyzed in qualitative and quantitative surveys. However, an experimental comparison of a comprehensive set of algorithms for anomaly-based intrusion detection against a comprehensive set of attack datasets and attack types has not yet been investigated. To fill this gap, in this paper we experimentally evaluate a pool of twelve unsupervised anomaly detection algorithms on five attack datasets. The results allow elaborating on a wide range of arguments, from the behavior of the individual algorithms to the suitability of the datasets for anomaly detection. We identify the families of algorithms that are more effective for intrusion detection, and the families that are more robust to the choice of configuration parameters. Further, we confirm experimentally that attacks with unstable and non-repeatable behavior are more difficult to detect, and that datasets where anomalies are rare events usually result in better detection scores. © 2019 Association for Computing Machinery.

Resilient Computing Lab, 2011