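@inproceedings{409d20cd05214b5dba00a00e1370e156,
  author        = {Averbuch, Amir and Neittaanm{\"a}ki, Pekka},
  title         = {Anomaly Detection via Manifold Learning},
  booktitle     = {12th European Conference on Information Warfare and Security 2013, {ECIW} 2013},
  series        = {European Conference on Information Warfare and Security, {ECCWS}},
  publisher     = {Academic Conferences Ltd},
  year          = {2013},
  pages         = {24--30},
  isbn          = {9781627489089},
  language      = {english},
  keywords      = {Anomaly detection, Behavioral analysis, Clustering, Malware detection, Manifold learning, Training},
  abstract      = {The basic approach to protect and secure critical infrastructure and networking data against cyber attacks of the last 45 years called ``walls and gates'' (barriers between trusted and untrusted components, with policy-mediated passthrough) have failed. There is no reason to think that they will be more successful in the future. Rule based methodologies that govern firewalls and IDS/IPS are irrelevant today to detect sophisticated malwares (viruses, SQL injections, Trojans, spyware and backdoors) that pretend to be regular streaming and penetrate every commercial barrier on the market that are based on signatures of intrusions that detect yesterday attacks but fail to detect zero day attacks. The focus is on detecting zero day malware. We describe a prototype security system that automatically identifies and classifies malware. The core technology is based upon manifold learning that uses diffusion processes, diffusion geometries and other methodologies that find geometric patterns that deviate from normality. The main technology core is based upon training the system to extract heterogeneous features, to cluster the normal behavior and then detect patterns that deviate from it which are malware anomalies. The proposed technology offers behavioral analysis of heterogeneous complex dynamic networking data to that maintains and preserves networks' health. The system uses efficient computation that is based on multiscale dictionary learning and kernel approximation, patch processing, adaptive subsampling and clustering and profile updating. These are universal generic core technologies for anomaly detections algorithms that are based on well founded deep unification between different mathematical theories from different disciplines that emerged recently. Promising preliminary results increase the potential of the proposed system to fill the gap that current state-of-the-art IDS/IPS and firewalls are unable to fill.},
  note          = {12th European Conference on Information Warfare and Security 2013, ECIW 2013 ; Conference date: 11-07-2013 Through 12-07-2013},
  internal-note = {Abstract kept verbatim from the export (author's wording). Language value normalised from the exported Hebrew string for `English' so that classic BibTeX stays 8-bit and biblatex gets a recognised language key. The source record carries no DOI, no publisher address and no conference location, so none is added; the Conference date in note is given in the exporter's DD-MM-YYYY form and was not converted to an eventdate.},
}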