EagleEye: A Novel Visual Anomaly Detection Method

Title: EagleEye: A Novel Visual Anomaly Detection Method
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Sharafaldin, Iman; Ghorbani, Ali A.
Conference Name: 2018 16th Annual Conference on Privacy, Security and Trust (PST)
Date Published: Aug
Keywords: abnormal behaviors, Anomaly Visualization, Australian Defence Force Academy Linux Dataset, data depth, data visualisation, Data visualization, dimensional reduction, dimensionality reduction, EagleEye view, EagleEyes efficiency, Human Behavior, Human Behavior and Cybersecurity, human eyes, Intrusion detection, Linux, Mathematical model, modified t-SNE, normal behaviors, principal component analysis, pubcrawl, security of data, system call, System Call Trace, Three-dimensional displays, Two dimensional displays, two-dimensional space, visual anomaly detection method
Abstract: We propose a novel visualization technique (Eagle-Eye) for intrusion detection, which visualizes a host as a community of system call traces in two-dimensional space. The goal of EagleEye is to visually cluster the system call traces. Although human eyes can easily perceive anomalies using EagleEye view, we propose two different methods called SAM and CPM that use the concept of data depth to help administrators distinguish between normal and abnormal behaviors. Our experimental results conducted on Australian Defence Force Academy Linux Dataset (ADFA-LD), which is a modern system calls dataset that includes new exploits and attacks on various programs, show EagleEye's efficiency in detecting diverse exploits and attacks.
DOI: 10.1109/PST.2018.8514179
Citation Key: sharafaldin_eagleeye_2018