Title | EagleEye: A Novel Visual Anomaly Detection Method |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Sharafaldin, Iman, Ghorbani, Ali A. |
Conference Name | 2018 16th Annual Conference on Privacy, Security and Trust (PST) |
Date Published | August |
Keywords | abnormal behaviors, Anomaly Visualization, Australian Defence Force Academy Linux Dataset, data depth, data visualisation, Data visualization, dimensional reduction, dimensionality reduction, EagleEye view, EagleEyes efficiency, Human Behavior, Human Behavior and Cybersecurity, human eyes, Intrusion detection, Linux, Mathematical model, modified t-SNE, normal behaviors, principal component analysis, pubcrawl, security of data, system call, System Call Trace, Three-dimensional displays, Two dimensional displays, two-dimensional space, visual anomaly detection method |
Abstract | We propose a novel visualization technique (EagleEye) for intrusion detection, which visualizes a host as a community of system call traces in two-dimensional space. The goal of EagleEye is to visually cluster the system call traces. Although human eyes can easily perceive anomalies using EagleEye view, we propose two different methods called SAM and CPM that use the concept of data depth to help administrators distinguish between normal and abnormal behaviors. Our experimental results conducted on Australian Defence Force Academy Linux Dataset (ADFA-LD), which is a modern system calls dataset that includes new exploits and attacks on various programs, show EagleEye's efficiency in detecting diverse exploits and attacks. |
DOI | 10.1109/PST.2018.8514179 |
Citation Key | sharafaldin_eagleeye_2018 |