Abstract
Anomaly detection is essential in network security and has been researched for decades, and many anomaly detection methods have been proposed. Because of the simplicity of their principles, statistical and Markovian methods dominate these approaches. However, their effectiveness is constrained by specific preconditions, so they work only on data sets that satisfy their premises. Apart from statistical and Markovian models, information theory provides a different perspective on anomaly detection; however, the computation of information-theoretic measures is still based on statistics. In this paper, we present a novel information-theoretic anomaly detection framework. Instead of statistics, it employs lossless compression to measure information quantity, and detects outliers according to the compression result. We also discuss the selection of the underlying compression algorithm, and choose a grammar compression in order to utilize the structure of the data. With grammar compression, our method overcomes the shortcomings of statistical and Markovian methods. In addition, the implementation and operation of our method are even simpler than those of traditional approaches. We test our method on four data sets covering text analysis, host intrusion detection and bug detection. Experimental results show that, even in situations where traditional methods fail, our simple method works well in all cases.
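As an added illustration of the compression-based scoring the abstract describes (this is not the paper's code), the Python below uses a small Re-Pair style grammar compressor as a stand-in for the paper's grammar compression and scores a trace by how many extra grammar symbols it costs to describe next to a baseline of normal traces. The system-call traces, the separator token and the threshold are constructed assumptions, not values from the paper.

```python
from collections import Counter
from typing import List, Sequence

SEP = "|"  # boundary token between traces (assumed, not from the paper)

def grammar_size(seq: Sequence[str]) -> int:
    """Re-Pair style grammar size: symbols left in the start rule plus two per
    rule (each rule rewrites a non-terminal to one pair). The most frequent
    adjacent pair is replaced until no pair repeats. Overlapping pairs (a a a)
    are counted but replaced greedily, so the grammar is valid, not optimal."""
    seq, rules = list(seq), 0
    while len(seq) > 1:
        pair, freq = Counter(zip(seq, seq[1:])).most_common(1)[0]
        if freq < 2:
            break
        nonterm, rules = f"<R{rules}>", rules + 1
        out, i = [], 0
        while i < len(seq):
            if i + 1 < len(seq) and (seq[i], seq[i + 1]) == pair:
                out.append(nonterm)
                i += 2
            else:
                out.append(seq[i])
                i += 1
        seq = out
    return len(seq) + 2 * rules

def join_traces(traces: List[List[str]]) -> List[str]:
    """Concatenate traces with SEP so the last call of one trace and the
    first call of the next never form a pair of their own."""
    joined: List[str] = []
    for k, trace in enumerate(traces):
        if k > 0:
            joined.append(SEP)
        joined.extend(trace)
    return joined

def anomaly_score(baseline: List[List[str]], candidate: List[str]) -> int:
    """Extra grammar symbols needed to describe candidate next to the baseline:
    small when it reuses baseline structure, large when it brings new patterns."""
    base = grammar_size(join_traces(baseline))
    return grammar_size(join_traces(baseline + [candidate])) - base

def flag_outliers(baseline, candidates, threshold: int) -> List[List[str]]:
    """Candidates whose score exceeds an assumed cut-off are reported as outliers."""
    return [c for c in candidates if anomaly_score(baseline, c) > threshold]

# Constructed sample: short system-call traces of a well-behaved process.
NORMAL = ["open read close".split(), "open read read close".split(),
          "open read close".split()]

if __name__ == "__main__":
    for t in ("open read close", "socket connect write write exec"):
        print(t, "->", anomaly_score(NORMAL, t.split()))  # prints 2 and 5
```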