Title: AECID: A Self-learning Anomaly Detection Approach based on Light-weight Log Parser Models

Authors: Markus Wurzenberger; Florian Skopik; Giuseppe Settanni and Roman Fiedler

Affiliation: AIT Austrian Institute of Technology, Austria

ISBN: 978-989-758-282-0

Keyword(s): Anomaly Detection, Intrusion Detection System, Machine Learning, Log Analysis.

Related Ontology Subjects/Areas/Topics: Internet Technology; Intrusion Detection and Response; Web Information Systems and Technologies

Abstract: In recent years, new forms of cyber attacks with an unprecedented level of sophistication have emerged. Additionally, systems have grown to a size and complexity at which their mode of operation is barely understandable anymore, especially for chronically understaffed security teams. The combination of ever-increasing exploitation of zero-day vulnerabilities, malware auto-generated from toolkits with varying signatures, and the still problematic lack of user awareness is alarming. As a consequence, signature-based intrusion detection systems, which look for signatures of known malware or malicious behavior studied in labs, do not seem fit for future challenges. New, flexibly adaptable forms of intrusion detection systems (IDS), which require only minimal maintenance and human intervention and instead learn for themselves what is considered normal in an infrastructure, are a promising means to tackle today's serious security situation. This paper introduces ÆCID, a new anomaly-based IDS approach that incorporates many features motivated by recent research results, including the automatic classification of events in a network, their correlation, evaluation, and interpretation, up to a dynamically configurable alerting system. Eventually, we foresee ÆCID becoming a smart sensor for established SIEM solutions. Parts of ÆCID are open source and already included in Debian Linux and Ubuntu. This paper provides vital information on its basic design, deployment scenarios and application cases to support the research community as well as early adopters of the software package.
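The abstract's central idea, an IDS that learns what normal log data looks like from light-weight parser models and alerts on lines those models do not accept, is illustrated below with an added example written for this page. It is not ÆCID's code or its algorithm: it builds a token trie from training lines, collapses any position that took more than max_fixed distinct values into a wildcard, and then reports the first token of a new line that no learned template accepts. The token regex, the max_fixed threshold and all log lines are assumptions constructed for the example.

```python
import re

VAR = "<*>"  # wildcard for a position that took too many distinct values in training
# Assumption: words keep '.', '-' and '/' (IPs, paths); any other punctuation is its own token.
TOKEN_RE = re.compile(r"[\w.\-/]+|[^\w\s]")


def tokenize(line):
    """Split a log line into word tokens and single punctuation tokens."""
    return TOKEN_RE.findall(line)


class Node:
    """One position in the learned parser tree."""
    __slots__ = ("children", "terminal")

    def __init__(self):
        self.children = {}     # token (or VAR) -> Node
        self.terminal = False  # True if at least one training line ended here


def _merge(dst, src):
    """Union src's subtree into dst; used when sibling branches collapse into one wildcard."""
    dst.terminal = dst.terminal or src.terminal
    for tok, child in src.children.items():
        if tok in dst.children:
            _merge(dst.children[tok], child)
        else:
            dst.children[tok] = child


def _generalize(node, max_fixed):
    """Turn any position with more than max_fixed distinct tokens into a wildcard, recursively."""
    if len(node.children) > max_fixed:
        merged = Node()
        for child in node.children.values():
            _merge(merged, child)
        node.children = {VAR: merged}
    for child in node.children.values():
        _generalize(child, max_fixed)


def learn_parser_model(lines, max_fixed=2):
    """Build a token trie from training lines, then generalize high-cardinality positions."""
    root = Node()
    for line in lines:
        node = root
        for tok in tokenize(line):
            node = node.children.setdefault(tok, Node())
        node.terminal = True
    _generalize(root, max_fixed)
    return root


def templates(model, prefix=()):
    """Yield every learned template as a tuple of tokens, wildcards included."""
    if model.terminal:
        yield prefix
    for tok, child in model.children.items():
        yield from templates(child, prefix + (tok,))


def check_line(model, line):
    """Return ("normal", None) if a learned template accepts the line, else ("anomaly", reason)."""
    node = model
    for i, tok in enumerate(tokenize(line)):
        child = node.children.get(tok)
        if child is None:
            child = node.children.get(VAR)  # an exact token match wins over the wildcard
        if child is None:
            return "anomaly", f"token {i} {tok!r} not in learned set {sorted(node.children)}"
        node = child
    if not node.terminal:
        return "anomaly", "line ended before any learned template was complete"
    return "normal", None


# Constructed syslog-style training data: only key-based sshd logins and disconnects were seen.
TRAINING_LINES = [
    "Jan 12 10:00:01 web1 sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
    "Jan 12 10:00:07 web1 sshd[2210]: Accepted publickey for bob from 10.0.0.7 port 51902 ssh2",
    "Jan 12 10:00:15 web1 sshd[2231]: Accepted publickey for carol from 10.0.0.9 port 52001 ssh2",
    "Jan 12 10:01:02 web1 sshd[2244]: Accepted publickey for alice from 10.0.0.5 port 52340 ssh2",
    "Jan 12 10:01:40 web1 sshd[2250]: Disconnected from user alice 10.0.0.5 port 51234",
    "Jan 12 10:02:11 web1 sshd[2262]: Disconnected from user bob 10.0.0.7 port 51902",
    "Jan 12 10:02:30 web1 sshd[2270]: Disconnected from user carol 10.0.0.9 port 52001",
    "Jan 12 10:03:05 web1 sshd[2281]: Disconnected from user alice 10.0.0.5 port 52340",
]
# Constructed test lines: a new user (normal), password auth as root (anomaly), an unseen
# process (anomaly), and a new hour that the small training set never covered (false positive).
TEST_LINES = [
    "Jan 12 10:05:21 web1 sshd[2299]: Accepted publickey for dave from 10.0.0.11 port 53000 ssh2",
    "Jan 12 10:05:33 web1 sshd[2301]: Accepted password for root from 203.0.113.7 port 4444 ssh2",
    "Jan 12 10:06:02 web1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash",
    "Jan 12 11:00:00 web1 sshd[2400]: Accepted publickey for alice from 10.0.0.5 port 54000 ssh2",
]
MODEL = learn_parser_model(TRAINING_LINES)

if __name__ == "__main__":
    for t in templates(MODEL):
        print("template:", " ".join(t))
    for line in TEST_LINES:
        print(check_line(MODEL, line), "<-", line)
```

The second and third test lines show the payoff of learning structure rather than signatures: neither a password-based root login nor a sudo invocation appears in training, so both are flagged without any rule naming them. The fourth line shows the caveat a practitioner must plan for: with a training window that never left hour 10, the hour is learned as a fixed token and the first line at 11:00 is a false positive. Training data has to cover the full range of legitimate variation (at minimum several days of timestamps), and the max_fixed threshold trades sensitivity to new values against that kind of noise.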

License: CC BY-NC-ND 4.0

Paper citation in several formats:
Wurzenberger, M.; Skopik, F.; Settanni, G. and Fiedler, R. (2018). AECID: A Self-learning Anomaly Detection Approach based on Light-weight Log Parser Models. In Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-282-0, pages 386-397. DOI: 10.5220/0006643003860397

@conference{icissp18,
author={Markus Wurzenberger and Florian Skopik and Giuseppe Settanni and Roman Fiedler},
title={AECID: A Self-learning Anomaly Detection Approach based on Light-weight Log Parser Models},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2018},
pages={386-397},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006643003860397},
isbn={978-989-758-282-0},
}

TY - CONF

JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - AECID: A Self-learning Anomaly Detection Approach based on Light-weight Log Parser Models
SN - 978-989-758-282-0
AU - Wurzenberger, M.
AU - Skopik, F.
AU - Settanni, G.
AU - Fiedler, R.
PY - 2018
SP - 386
EP - 397
DO - 10.5220/0006643003860397
