Auto-Threshold Deep SVDD for Anomaly-based Web Application Firewall

2021 ◽  
Author(s):  
Ali Moradi Vartouni ◽  
Matin Shokri ◽  
Mohammad Teshnehlab

Protecting websites and applications from cyber-threats is vital for any organization. A Web application firewall (WAF) prevents attacks from damaging applications. It provides web security by filtering and monitoring network traffic to protect against attacks. A WAF solution based on anomaly detection can identify zero-day attacks. Deep learning is the state-of-the-art method that is widely used to detect attacks in the anomaly-based WAF area. Although deep learning has demonstrated excellent results on anomaly detection tasks in web requests, there is a trade-off between false-positive and missed-attack rates, which is a key problem in WAF systems. In addition, anomaly detection methods have difficulty adjusting the threshold level that distinguishes attack traffic from normal traffic. In this paper, we first propose a model based on Deep Support Vector Data Description (Deep SVDD), then compare two feature extraction strategies, one-hot and bigram, on the raw requests. Second, to overcome the threshold challenges, we introduce a novel end-to-end algorithm, Auto-Threshold Deep SVDD (ATDSVDD), to determine an appropriate threshold during the learning process. Finally, we compare our model with other deep models on the CSIC-2010 and ECML/PKDD-2007 datasets. Results show that ATDSVDD on bigram feature data has better performance in terms of accuracy and generalization.


2021 ◽  
Author(s):  
JianXi Yang ◽  
Fei Yang ◽  
Likai Zhang ◽  
Ren Li ◽  
Shixin Jiang ◽  
...  

Author(s):  
M. Crispim Romão ◽  
N. F. Castro ◽  
R. Pedro

In this paper we propose a new strategy, based on anomaly detection methods, to search for new physics phenomena at colliders independently of the details of such new events. For this purpose, machine learning techniques are trained using Standard Model events, with the corresponding outputs being sensitive to physics beyond it. We explore three novel AD methods in HEP: Isolation Forest, Histogram-Based Outlier Detection, and Deep Support Vector Data Description; alongside the most customary Autoencoder. In order to evaluate the sensitivity of the proposed approach, predictions from specific new physics models are considered and compared to those achieved when using fully supervised deep neural networks. A comparison between shallow and deep anomaly detection techniques is also presented. Our results demonstrate the potential of semi-supervised anomaly detection techniques to extensively explore the present and future hadron colliders’ data.


Sensors ◽  
2021 ◽  
Vol 21 (16) ◽  
pp. 5311
Author(s):  
Peter Jakob ◽  
Manav Madan ◽  
Tobias Schmid-Schirling ◽  
Abhinav Valada

Anomaly detection is a critical problem in the manufacturing industry. In many applications, images of objects to be analyzed are captured from multiple perspectives, which can be exploited to improve the robustness of anomaly detection. In this work, we build upon the deep support vector data description algorithm and address multi-perspective anomaly detection using three different fusion techniques, i.e., early fusion, late fusion, and late fusion with multiple decoders. We employ different augmentation techniques with a denoising process to deal with scarce one-class data, which further improves the performance (ROC AUC = 80%). Furthermore, we introduce the dices dataset, which consists of over 2000 grayscale images of falling dices from multiple perspectives, with 5% of the images containing rare anomalies (e.g., drill holes, sawing, or scratches). We evaluate our approach on the new dices dataset using images from two different perspectives and also benchmark on the standard MNIST dataset. Extensive experiments demonstrate that our proposed multi-perspective approach exceeds the state-of-the-art single-perspective anomaly detection on both the MNIST and dices datasets. To the best of our knowledge, this is the first work that focuses on addressing multi-perspective anomaly detection in images by jointly using different perspectives together with one single objective function for anomaly detection.


2020 ◽  
Vol 100 ◽  
pp. 107119 ◽  
Author(s):  
Mehmet Turkoz ◽  
Sangahn Kim ◽  
Youngdoo Son ◽  
Myong K. Jeong ◽  
Elsayed A. Elsayed

2017 ◽  
Vol 13 (1) ◽  
pp. 155014771668616 ◽  
Author(s):  
Zhen Feng ◽  
Jingqi Fu ◽  
Dajun Du ◽  
Fuqiang Li ◽  
Sizhou Sun

Anomaly detection is an important challenge in wireless sensor networks for some applications, which require efficient, accurate, and timely data analysis to facilitate critical decision making and situation awareness. Support vector data description is well applied to anomaly detection using a very attractive kernel method. However, it has a high computational complexity, since the standard version of support vector data description needs to solve a quadratic programming problem. In this article, an improved method on the basis of support vector data description is proposed, which reduces the computational complexity and is used for anomaly detection in energy-constrained wireless sensor networks. The main idea is to improve the computational complexity in both the training stage and the decision-making stage. First, the strategy of training sample reduction is used to cut back the number of samples, and then the sequential minimal optimization algorithm based on the second-order approximation is implemented on the sample set to achieve the goal of reducing the training time. Second, through the analysis of the decision function, the pre-image in the original space corresponding to the center of the hyper-sphere in kernel feature space can be obtained. The decision complexity is reduced from O(l) to O(1) using the pre-image. Finally, the experimental results on several benchmark datasets and real wireless sensor network datasets demonstrate that the proposed method can not only guarantee detection accuracy but also reduce time complexity.

