Weighting versus Pruning in Rule Validation for Detecting Network and Host Anomalies

Published on Sep 14, 2007 | 3187 Views

For intrusion detection, the LERAD algorithm learns a succinct set of comprehensible rules for detecting anomalies, which could be novel attacks. LERAD validates the learned rules on a separ

Chapter list

Intrusion Detection Systems 00:03
Learning Rules for Anomaly Detection (LERAD) 00:22
Aspects of Rule Quality 02:05
Predictiveness vs. Belief for LERAD rule 02:38
Motivation and Problem Statement 03:14
Overview of LERAD 03:57
Anomaly score 04:47
Revisit Validation Step 05:53
Rule Pruning (1) 06:01
Rule Pruning (2) 06:52
Case 1 - Rule Conformed (Rule Pruning) 07:08
Case 2 - Rule Violated (Rule Pruning) 07:55
LERAD Rule Generation 08:16
Coverage and Rule Pruning 08:25
LERAD Rule Generation 08:45
Rule Weighting 08:51
Case 1 - Rule Conformed (Rule Weighting) 09:31
Case 2 - Rule Violated (Rule Weighting) 10:19
Anomaly Score 11:11
Weighting Method 1: Winnow-specialist 11:59
Weighting Method 2: Equal Reward Apportioning 12:39
Weighting Method 3: Weight of Evidence 13:09
Empirical Evaluation 13:43
AUC% (0.1% FA) [Random detector AUC = 0.005%] 15:00
AUC% (1% FA) [Random detector AUC = 0.5%] 15:39
Analysis of new attack(s) detected by rule weighting 15:53
Overhead 16:42
Summary 16:51