The Decision Method of A Threshold in Sequence - based Anomaly Detection Sensor

Yong Min Kim; Min Soo Kim; Hong Gun Kim; Bong Nam Noh

The Decision Method of A Threshold in Sequence - based Anomaly Detection Sensor

The KIPS Transactions:PartC, Vol. 8, No. 5, pp. 507-516, Oct. 2001

10.3745/KIPSTC.2001.8.5.507, PDF Download:

Abstract

In this paper, we implement sequence-based anomaly detection sensor using SOM and HMM, and analyze what is important information in system call and how a threshold is decided. The new filtering and reduction rules of SOM reduces the input size of HMM. This gives real-time processing to HMM-based anomaly detection sensor. Also, we introduced an anomaly count into the sensor. Due to lessened sensibility, a user easily understand easily the detection information and false-positive was decreased. And the active coordination of the threshold value makes the detection sensor adapt according to the system condition.

Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.

Cite this article

[IEEE Style]

Y. M. Kim, M. S. Kim, H. G. Kim, B. N. Noh, "The Decision Method of A Threshold in Sequence - based Anomaly Detection Sensor," The KIPS Transactions:PartC, vol. 8, no. 5, pp. 507-516, 2001. DOI: 10.3745/KIPSTC.2001.8.5.507.

[ACM Style]

Yong Min Kim, Min Soo Kim, Hong Gun Kim, and Bong Nam Noh. 2001. The Decision Method of A Threshold in Sequence - based Anomaly Detection Sensor. The KIPS Transactions:PartC, 8, 5, (2001), 507-516. DOI: 10.3745/KIPSTC.2001.8.5.507.