An Architecture for Inline Anomaly Detection

Cited by: 5
Authors
Krueger, Tammo [1]
Gehl, Christian [1]
Rieck, Konrad [1]
Laskov, Pavel [1]
Affiliation
[1] Fraunhofer Inst FIRST, Berlin, Germany
DOI
10.1109/EC2ND.2008.8
Chinese Library Classification
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
In this paper we propose an intrusion prevention system (IPS) which operates inline and is capable of detecting unknown attacks using anomaly detection methods. Incorporated in the framework of a packet filter, each incoming packet is analyzed and - according to an internal connection state and a computed anomaly score - either delivered to the production system, redirected to a special hardened system, or logged to a network sink for later analysis. Run-time measurements of an actual implementation prove that the performance overhead of the system is sufficient for inline processing. Accuracy measurements on real network data yield improvements especially in the number of false positives, which are reduced by a factor of five compared to a plain anomaly detector.
Pages: 11-18
Page count: 8