Talks & Seminars
Adaptive Real-time Anomaly Detection for Safeguarding Critical Networks
Simin Nadjm-Tehrani, Associate Professor, Dept. of Computer and Information Science, Linköping University, Sweden.
Date & Time: February 16, 2006 14:30
Venue: KreSIT Lecture Hall, 2nd Floor
Critical networks require defence in depth incorporating many different security technologies including intrusion detection. One important intrusion detection approach is called anomaly detection where normal (good) behaviour of users of the protected system is modelled, often using machine learning or data mining techniques. In this talk I present joint work with my PhD student Kalle Burbeck on ADWICE (Anomaly Detection With fast Incremental Clustering) evaluated in IP networks. ADWICE has the following properties: * Adaptation - Rather than making use of extensive periodic retraining sessions on stored off-line data to handle changes, ADWICE is fully incremental making very flexible on-line training of the model possible without destroying what is already learnt. When subsets of the model are not useful anymore, those clusters can be forgotten. * Performance - ADWICE is linear in the number of input data thereby heavily reducing training time compared to alternative clustering algorithms. Training time as well as detection time is further reduced by the use of an integrated search-index. * Scalability - Rather than keeping all data in memory, only compact cluster summaries are used. The linear time complexity also improves scalability of training.
Speaker Profile:
Simin Nadjm-Tehrani, Associate Professor Director of Laboratory for Real-time Systems (RTSLAB) Dept. of Computer and Information Science Linköping University, Sweden. www.ida.liu.se/~rtslab
List of Talks


Faculty CSE IT
Forgot Password
    [+] Sitemap     Feedback