IIT Home Page CNR Home Page

Autonomic Intrusion Detection over Unlabeled HTTP Log Streams

In this work, we propose a novel framework of autonomic intrusion detection that ful lls
online and adaptive intrusion detection over unlabeled HTTP log streams. The framework holds
potential for self-managing: self-labeling, self-updating and self-adapting. Our framework uses the
Affinity Propagation (AP), a recently developed clustering algorithm, to learn a subject's behaviors
through dynamical clustering of the streaming data. It automatically labels the data and adapts
to normal behavior changes while identi es anomalies. Two large real HTTP log streams collected
in our institute are used to validate the framework and the method. The test results show that
the autonomic model achieves better results in terms of e ectiveness and efficiency compared to
three other traditional static anomaly detection methods.

Dal 14/09/2010-11.00 al 14/09/2010-11.00 , Aula didattica dello IIT (Aula A32 - vicino biblioteca)

Speaker: Wei Wang (Univ. Luxemburg)

Responsabile: Fabio Martinelli

Attività: Sicurezza di dispositivi mobili