We propose anomalous taint detection, an approach that combines fine-grained taint tracking with learning-based anomaly detection. Anomaly detection is used to identify behavioral deviations that manifest when vulnerabilities are exercised. Fine-grained taint-tracking is used to target the anomaly detector on those aspects of program behavior that can be controlled by an attacker. Our prelimina...

Anomaly detection has recently become an important problem in many industrial and financial applications. Very often, the databases from which anomalies have to be found are located at multiple local sites and cannot be merged due to privacy reasons or communication overhead. In this paper, a novel general framework for distributed anomaly detection is proposed. The proposed method consists of ...

Anomaly Detection Systems aim to construct accurate network traffic models with the objective to discover yet unknown malicious network traffic patterns. In this paper, we study the use of the same methods in order to create a covert channel which is not discovered by Anomaly Detection Systems and can be used to exfiltrate (malicous) traffic from a network. The channel is created by imitating c...

Computer systems are vulnerable to abuse by insiders and to penetration by outsiders. The amount of monitoring data generated in computer networks is enormous. Tools are needed to ease the work of system operators. Anomaly detection attempts to recognise abnormal behaviour to detect intrusions. A prototype Anomaly Detection System has been constructed. The system provides means for automatic an...

Anomaly detection, detection of deviations from what is considered normal, is an important complement to misuse detection based on attack signatures. Anomaly detection in real-time places hard requirements on the algorithms used, making many proposed data mining techniques less suitable. ADWICE (Anomaly Detection With fast Incremental Clustering) uses the first phase of the existing BIRCH clust...

This paper discusses several issues of evaluation and comparison of anomaly detection algorithms, namely lack of publicly available implementations and annotated data sets. Another problem of many methods is a detection delay caused by operating on data binned to a long time intervals. The paper presents a library under development which aims to tackle the comparison and evaluation issues. Furt...

Dynamic graphs are a powerful way to model an evolving set of objects and their ongoing interactions. A broad spectrum of systems, such as information, communication, and social, are naturally represented by dynamic graphs. Outlier (or anomaly) detection in dynamic graphs can provide unique insights into the relationships of objects and identify novel or emerging relationships. To date, outlier...

Signature based intrusion detection systems cannot detect new attacks. These systems are the most used and developed ones. Current anomaly based intrusion detection systems are also unable to detect all kinds of new attacks because they are designed to restricted applications on limited environment. Current hackers are using new attacks where neither preventive techniques mainly based on access...

Abstract Anomaly detection plays a crucial role in many Internet of Things (IoT) applications such as traffic anomaly for smart transportation and medical diagnosis healthcare. With the explosion IoT data, on data streams raises higher requirements real-time response strong robustness large-scale arriving at same time various application fields. However, existing methods are either slow or appl...