Filtering Techniques for Rapid User Classification

Terran Lane

In the computer security task of anomaly detection, we wish to measure not only the classification accuracy of a detector but also the average time to detection. This quantity represents either the average time between false alarms (for a valid user) or the average time until a hostile user is detected. We examine the use of noise suppression filters as componants of a learning classification system for this domain. We empirically evalute the behaviors of a trailing window mean value filter and a trailing window median value filter in terms of both accuracy and time to detection. We find that the median filter is generally to be preferred for this domain.


This page is copyrighted by AAAI. All rights reserved. Your use of this site constitutes acceptance of all of AAAI's terms and conditions and privacy policy.