Identifying outliers via clustering for anomaly detection
Arshad, Muhammad H.
Chan, Philip K.
MetadataShow full item record
Detecting known vulnerabilities (Signature Detection) is not sufficient for complete security. This has raised recent interest in Anomaly Detection (AD), in which a model is built from normal behavior and significant deviations from this model are flagged anomalous. However, most AD algorithm assume clean training data, which could be hard to obtain. Our proposed algorithm relaxes. For this, we define the notion a strong outlier, which is suspicious at both local and global levels. Finally we illustrate the effectiveness of our approach on the DARPA '99 dataset and find that our approach is at par in number of detections at 10 FA/day with the best participants in the original evaluation who employed a hybrid of techniques.