Paper title

Development of monitoring systems for anomaly detection using ASTD specifications

Paper authors

Chaymae El Jabri, Marc Frappier, Thibaud Ecarot, Pierre-Martin Tardif

Paper abstract

Anomaly-based intrusion detection systems are essential defenses against cybersecurity threats because they can identify anomalies in current activities. However, these systems have difficulties providing entity processing independence through a programming language. In addition, a degradation of the detection process is caused by the complexity of scheduling the training and detection processes, which are required to keep the anomaly detection system continuously updated. This paper shows how to use the algebraic state-transition diagram (ASTD) language to develop flexible anomaly detection systems. It provides a model for detecting point anomalies using the unsupervised non-parametric technique kernel density estimation (KDE) to estimate the probability density of event occurrence. The proposed model caters for both the training and the detection phases continuously. The ASTD language streamlines the modeling of detection systems thanks to its process algebraic operators, which provide a solution to overcome these challenges. By delegating the combination of anomaly-based detection processes to the ASTD language, effort and complexity are reduced during detection model development. Finally, using a qualitative evaluation, this study demonstrates that the algebraic operators in the ASTD specification language overcome these challenges.
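The abstract describes a point-anomaly detector that estimates the probability density of events with an unsupervised, non-parametric KDE, and that keeps training and detection running continuously rather than as separate batch jobs. The following is an added example, not code from the paper or from the ASTD tooling, showing the core of such a detector in plain Python. It assumes events are scalar features (request sizes in bytes, constructed here), a Gaussian kernel with Silverman's rule-of-thumb bandwidth, a decision threshold taken as a low quantile of the in-sample densities, and a policy of not learning from events the current model flags; the paper's ASTD process-algebra composition of the training and detection processes is not reproduced.

```python
import math
from collections import deque


def silverman_bandwidth(samples):
    """Silverman's rule-of-thumb bandwidth for a 1-D Gaussian KDE."""
    n = len(samples)
    mean = sum(samples) / n
    var = sum((x - mean) ** 2 for x in samples) / (n - 1)
    std = math.sqrt(var)
    # Guard against a constant window, which would otherwise give h = 0.
    return 1.06 * max(std, 1e-9) * n ** (-0.2)


def gaussian_kde(samples, bandwidth):
    """Return a function x -> estimated probability density of x."""
    n = len(samples)
    norm = 1.0 / (n * bandwidth * math.sqrt(2.0 * math.pi))

    def density(x):
        # math.exp underflows cleanly to 0.0 for far-away points.
        return norm * sum(math.exp(-0.5 * ((x - s) / bandwidth) ** 2) for s in samples)

    return density


class KdeAnomalyDetector:
    """Point-anomaly detector whose training and detection phases interleave.

    The model is a KDE over a sliding window of recently accepted events.
    An event is a point anomaly when its estimated density falls below the
    `quantile`-th quantile of the in-sample densities (an assumption made
    for this example, not the paper's exact threshold rule).
    """

    def __init__(self, window=200, min_train=10, quantile=0.05, retrain_every=10):
        self.window = deque(maxlen=window)   # baseline of accepted events
        self.min_train = min_train           # cold-start size before any verdict
        self.quantile = quantile
        self.retrain_every = retrain_every   # scheduling knob for the training phase
        self._accepted_since_retrain = 0
        self.density = None
        self.threshold = None

    def train(self):
        """Rebuild the KDE from the current window; True if a model now exists."""
        samples = list(self.window)
        if len(samples) < self.min_train:
            return False
        self.density = gaussian_kde(samples, silverman_bandwidth(samples))
        in_sample = sorted(self.density(s) for s in samples)
        self.threshold = in_sample[int(self.quantile * (len(in_sample) - 1))]
        return True

    def is_anomaly(self, x):
        """True/False once a model exists, None while still in cold start."""
        if self.density is None:
            return None
        return self.density(x) < self.threshold

    def observe(self, x):
        """Detect, then learn: one event drives both phases of the pipeline."""
        verdict = self.is_anomaly(x)
        if verdict:
            # Flagged events do not update the baseline (assumption: this
            # limits an attacker's ability to poison the model in one step).
            return True
        self.window.append(x)
        self._accepted_since_retrain += 1
        if self._accepted_since_retrain >= self.retrain_every:
            self._accepted_since_retrain = 0
            self.train()
        return verdict  # False, or None during cold start


def run_stream(events, **kwargs):
    """Feed a sequence of events through one detector; return (event, verdict) pairs."""
    det = KdeAnomalyDetector(**kwargs)
    return [(e, det.observe(e)) for e in events]


if __name__ == "__main__":
    # Constructed sample stream: request sizes in bytes, then one outlier.
    baseline = [200, 300, 250, 220, 280, 240, 260, 210, 290, 230,
                270, 205, 295, 215, 285, 225, 275, 235, 265, 245]
    for event, verdict in run_stream(baseline + [5000, 250], min_train=10, retrain_every=5):
        print(event, verdict)
```

The `retrain_every` parameter is where the scheduling problem the abstract mentions shows up: retraining on every event keeps the baseline current but costs O(window) per event, while retraining rarely lets the model go stale. Note also the defender-side caveat that refusing to learn from flagged events does not stop a slow drift of the baseline; a production deployment would pair this with a bound on how far the window's statistics may move between retrains.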
