Listing by keyword "Anomaly detection"
- Journal article: A Framework for Learning Event Sequences and Explaining Detected Anomalies in a Smart Home Environment (KI - Künstliche Intelligenz: Vol. 36, No. 0, 2022). Baudisch, Justin; Richter, Birte; Jungeblut, Thorsten. This paper presents a framework for learning event sequences for anomaly detection in a smart home environment. It addresses environment conditions, device grouping, system performance and explainability of anomalies. Our method models user behavior as sequences of events, triggered by interaction of the home residents with the Internet of Things (IoT) devices. Based on a given set of recorded event sequences, the system can learn the habitual behavior of the residents. An anomaly is described as deviation from that normal behavior, previously learned by the system. One key feature of our framework is the explainability of detected anomalies, which is implemented through a simple rule analysis.
- Text document: Potential analysis for the detection of attacks on wireless networks using the Wireless Intrusion Detection System Nzyme (INFORMATIK 2022, 2022). Eisenhut, Maximilian; Honekamp, Wilfried. Due to the flexibility and low cost of acquisition compared to wired network connections, wireless networks continue to proliferate. Due to this increasing number and the characteristics of a shared medium, it offers potential attackers a suitable platform to easily gain access to diverse network types. To this end, the range of specialised hardware and software for attacking wireless networks is constantly evolving. Information on the location and other parameters of wireless networks is also documented and updated online in a largely automated manner. Particularly in the economic as well as in the public environment, a special need can thus arise to detect attacks, identify attackers and initiate countermeasures on the basis of this information. This paper describes the evaluation of the possibilities offered by the open-source Wireless Intrusion Detection System (WIDS) Nzyme. For this purpose, the messages that occur during different attacks were examined. Furthermore, real data was recorded and evaluated based on the parameters from the test attacks to draw conclusions about the type and frequency of attacks. The ratio between legitimate reports and false alarms was also determined. Test attacks were successfully detected and could be assigned to possible attacks. Real data was recorded at three locations and compared with the patterns from the test attacks. The evaluation shows that the rate of false alarms in real operations is unacceptable, at over 27%. The causes for this are mostly misconfigurations and atmospheric disturbances. The study further shows that combined alarm messages allow conclusions to be drawn about the type of attack carried out and thus the number of false alarms can be reduced.
The effort and benefit of a WIDS are currently not yet in a meaningful relationship. Nevertheless, use and further development are recommended, taking these circumstances into account.