Invictus: Detection of Unanticipated Anomalies in Evolutionary Environments

Principal Investigator

Roy A. Maxion, Carnegie Mellon University, Computer Science Department (maxion@cs.cmu.edu)

Sponsor

The Defense Advanced Research Projects Agency (DARPA) Information Technology Office (ITO)

Objective

To discover a method for detecting unanticipated, unauthorized intrusions into computer and other systems.

Overview

In a natural environment, biological organisms habituate to what is normal in that environment. As the environment changes (e.g., from summer to fall to winter), the organism learns the characteristics of the new environment from day to day, and adapts its internal representation of normal to match the environment. Unusual, or anomalous, conditions can be recognized when viewed against a normal background. Similarly, in computational environments, "normal" behavior changes from time to time, and a computational organism must learn or adapt to the changes in its environment. Again, against a background of normal behavior, the organism can recognize anomalous conditions. We regard intrusions as anomalous conditions that can be recognized against a background of normal behavior. Our task is to build such a computational organism that will adapt to its locally changing environment, and will recognize anomalous behaviors (e.g., intrusions) against that background. This organism, once constructed, will be tested for type-I and type-II errors using both natural and synthetic data streams. We will build a synthetic environment for the purpose of the latter.
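The adaptive-baseline idea described above can be illustrated with a small added example; it is not code from the Invictus, Cinnamon or Harbinger projects. The exponentially weighted detector, the constructed drifting data stream, and all names and parameter values are assumptions chosen for the illustration.

```python
import math

def synthetic_stream(n=1000, anomalies=(300, 600, 900)):
    """Constructed data: slow upward drift (the 'seasonal' change) plus bounded
    periodic jitter, with a labelled spike injected at each anomaly index."""
    for i in range(n):
        value = 100 + 0.1 * i + 5 * math.sin(0.7 * i)
        label = i in anomalies
        yield value + (60 if label else 0), label

def detect(stream, warmup=50, alpha=0.05, k=4.0, adapt=True):
    """Flag points more than k deviations away from the learned 'normal'.
    adapt=True: exponentially weighted mean and mean-squared deviation, updated
    on every unflagged point. adapt=False: baseline frozen after warm-up."""
    results, seen = [], []
    mean = var = 0.0
    for value, label in stream:
        if len(seen) < warmup:               # learn the initial background
            seen.append(value)
            if len(seen) == warmup:
                mean = sum(seen) / warmup
                var = sum((v - mean) ** 2 for v in seen) / warmup
            continue
        resid = value - mean
        flagged = abs(resid) > k * math.sqrt(var)
        results.append((flagged, label))
        if adapt and not flagged:            # habituate only to unflagged data
            mean += alpha * resid
            var = (1 - alpha) * var + alpha * resid ** 2
    return results

def error_rates(results):
    """Return (type-I rate, type-II rate): false alarms among normal points,
    and misses among injected anomalies."""
    normals = [flag for flag, label in results if not label]
    attacks = [flag for flag, label in results if label]
    return sum(normals) / len(normals), attacks.count(False) / len(attacks)

if __name__ == "__main__":
    for adapt in (True, False):
        t1, t2 = error_rates(detect(synthetic_stream(), adapt=adapt))
        print(f"adapt={adapt}: type-I={t1:.3f} type-II={t2:.3f}")
```

On this stream the frozen baseline raises false alarms on most points once the drift carries normal behavior past its original threshold, while the adaptive baseline follows the drift and flags only the injected spikes.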

Projects

Cinnamon: A synthetic environment to generate realistic system performance data.
Harbinger: An inner core of anomaly-detection techniques and algorithms that applies new statistical methods in high-dimensional data analysis to the problem of detecting system anomalies indicating intrusion or other kinds of system compromise.

Summary

Quad Chart
  New Quad Chart