Uwe Glässer

2 Papers

Apr 14, 2019
Should I Raise The Red Flag? A comprehensive survey of anomaly scoring methods toward mitigating false alarms

Zahra Zohrevand, Uwe Glässer

Nowadays, advanced intrusion detection systems (IDSs) rely on a combination of anomaly detection and signature-based methods. An IDS gathers observations, analyzes behavioral patterns, and reports suspicious events for further investigation. A notorious issue anomaly detection systems (ADSs) and IDSs face is the possibility of high false alarms, which even state-of-the-art systems have not overcome. This is especially a problem with large and complex systems. The number of non-critical alarms can easily overwhelm administrators and increase the likelihood of ignoring future alerts. Mitigation strategies thus aim to avoid raising 'too many' false alarms without missing potentially dangerous situations. There are two major categories of false alarm-mitigation strategies: (1) methods that are customized to enhance the quality of anomaly scoring; (2) approaches acting as filtering methods in contexts that aim to decrease false alarm rates. These methods have been widely utilized by many scholars. Herein, we review and compare the existing techniques for false alarm mitigation in ADSs. We also examine the use of promising techniques in signature-based IDS and other relevant contexts, such as commercial security information and event management tools, which are promising for ADSs. We conclude by highlighting promising directions for future research.

Aug 2, 2015
An Analytic Framework for Maritime Situation Analysis

Hamed Yaghoubi Shahir, Uwe Glässer, Amir Yaghoubi Shahir et al.

Maritime domain awareness is critical for protecting sea lanes, ports, harbors, offshore structures and critical infrastructures against common threats and illegal activities. Limited surveillance resources constrain maritime domain awareness and compromise full security coverage at all times. This situation calls for innovative intelligent systems for interactive situation analysis to assist marine authorities and security personnel in their routine surveillance operations. In this article, we propose a novel situation analysis framework to analyze marine traffic data and differentiate various scenarios of vessel engagement for the purpose of detecting anomalies of interest for marine vessels that operate over some period of time in relative proximity to each other. The proposed framework views vessel behavior as probabilistic processes and uses machine learning to model common vessel interaction patterns. We represent patterns of interest as left-to-right Hidden Markov Models and classify such patterns using Support Vector Machines.