Information-theoretic measures for anomaly detection

@inproceedings{citeulike:1310123, abstract = {Anomaly detection is an essential component of the protection mechanisms against novel attacks. In this paper, we propose to use several information-theoretic measures, namely, entropy, conditional entropy, relative conditional entropy, information gain, and information cost, for anomaly detection. These measures can be used to describe the characteristics of an audit data set, suggest the appropriate anomaly detection model(s) to be built, and explain the performance of the model(s). We use...}, author = {Lee, Wenke and Xiang, Dong }, booktitle = {Proc. of the 2001 IEEE Symposium on Security and Privacy}, citeulike-article-id = {1310123}, keywords = {anomaly, detection, information, theory}, month = {May}, pages = {130--143}, posted-at = {2007-05-20 05:06:38}, priority = {2}, title = {Information-theoretic measures for anomaly detection}, url = {http://citeseer.ist.psu.edu/408421.html}, year = {2001} }

TY - CONF ID - citeulike:1310123 L3 - citeulike-article-id:1310123 TI - Information-theoretic measures for anomaly detection T2 - Proc. of the 2001 IEEE Symposium on Security and Privacy SP - 130 EP - 143 N2 - Anomaly detection is an essential component of the protection mechanisms against novel attacks. In this paper, we propose to use several information-theoretic measures, namely, entropy, conditional entropy, relative conditional entropy, information gain, and information cost, for anomaly detection. These measures can be used to describe the characteristics of an audit data set, suggest the appropriate anomaly detection model(s) to be built, and explain the performance of the model(s). We use... KW - anomaly KW - detection KW - information KW - theory AU - Lee, Wenke AU - Xiang, Dong PY - 2001/May// UR - http://citeseer.ist.psu.edu/408421.html ER -