Anomaly detection via manifold learning

Amir Averbuch, Pekka Neittaanmäki

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


The basic approach to protect and secure critical infrastructure and networking data against cyber attacks of the last 45 years called "walls and gates" (barriers between trusted and untrusted components, with policy-mediated passthrough) have failed. There is no reason to think that they will be more successful in the future. Rule based methodologies that govern firewalls and IDS/IPS are irrelevant today to detect sophisticated malwares (viruses, SQL injections, Trojans, spyware and backdoors) that pretend to be regular streaming and penetrate every commercial barrier on the market that are based on signatures of intrusions that detect yesterday attacks but fail to detect zero day attacks. The focus is on detecting zero day malware. We describe a prototype security system that automatically identifies and classifies malware. The core technology is based upon manifold learning that uses diffusion processes, diffusion geometries and other methodologies that find geometric patterns that deviate from normality. The main technology core is based upon training the system to extract heterogeneous features, to cluster the normal behavior and then detect patterns that deviate from it which are malware anomalies. The proposed technology offers behavioral analysis of heterogeneous complex dynamic networking data to that maintains and preserves networks' health. The system uses efficient computation that is based on multiscale dictionary learning and kernel approximation, patch processing, adaptive subsampling and clustering and profile updating. These are universal generic core technologies for anomaly detections algorithms that are based on well founded deep unification between different mathematical theories from different disciplines that emerged recently. Promising preliminary results increase the potential of the proposed system to fill the gap that current state-of-the-art IDS/IPS and firewalls are unable to fill.

Original languageEnglish
Title of host publication12th European Conference on Information Warfare and Security 2013, ECIW 2013
Number of pages7
StatePublished - 2013
Event12th European Conference on Information Warfare and Security 2013, ECIW 2013 - Jyvaskyla, Finland
Duration: 11 Jul 201312 Jul 2013

Publication series

NameEuropean Conference on Information Warfare and Security, ECCWS
ISSN (Print)2048-8602
ISSN (Electronic)2048-8610


Conference12th European Conference on Information Warfare and Security 2013, ECIW 2013


  • Anomaly detection
  • Behavioral analysis
  • Clustering
  • Malware detection
  • Manifold learning
  • Training


Dive into the research topics of 'Anomaly detection via manifold learning'. Together they form a unique fingerprint.

Cite this