Application-Level Unsupervised Outlier-Based Intrusion Detection and Prevention

<table class="algorithm-group"><tr><td><table class="algorithm" id="code2"><tr><td colspan="2">public static class MethodAdvice<svg height="11.5564pt" id="M360" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 4.62754 11.5564" width="4.62754pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M293 -169V-141C218 -131 209 -90 209 -44C209 19 222 85 222 152C222 207 198 255 139 269V273C199 286 222 334 222 388C222 454 209 523 209 588C209 632 218 671 293 681V709C234 709 148 695 148 577C147 513 155 438 155 372C155 337 152 291 64 285V256C152 250 155 204 155 169C156 105 148 31 148 -41C148 -157 234 -169 293 -169Z"></path></g></svg></td></tr><tr><td colspan="2">public static FeatureExtractorfeatureExtractor = FeatureExtractor.getSingleton();</td></tr><tr><td colspan="2">@Advice.OnMethodEnter</td></tr><tr><td colspan="2">public static Invocation onEnter(@Advice.Origin String fullyQualifiedMethodName,</td></tr><tr><td colspan="2">@Advice.AllArguments Object<svg height="11.439pt" id="M361" style="vertical-align:-2.15067pt" version="1.1" viewbox="-0.0498162 -9.28833 9.10328 11.439" width="9.10328pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M290 -163V-135C183 -126 181 -122 181 -44V583C181 662 184 666 290 675V703H120V-163H290Z"></path></g><g transform="matrix(.013,0,0,-0.013,4.485,0)"><path d="M226 -163V703H56V676C162 667 165 662 165 584V-43C165 -122 162 -126 56 -136V-163H226Z"></path></g></svg> params)<svg height="11.5564pt" id="M362" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 4.62754 11.5564" width="4.62754pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M293 -169V-141C218 -131 209 -90 209 -44C209 19 222 85 222 152C222 207 198 255 139 269V273C199 286 222 334 222 388C222 454 209 523 209 588C209 632 218 671 293 681V709C234 709 148 695 148 577C147 513 155 438 155 372C155 337 152 291 64 285V256C152 250 155 204 155 169C156 105 148 31 148 -41C148 -157 234 -169 293 -169Z"></path></g></svg></td></tr><tr><td colspan="2">//if first invocation in processing cycle, generate and append a unique label to//thread name</td></tr><tr><td colspan="2">return new Invocation(fullyQualifiedMethodName, params);</td></tr><tr><td colspan="2"><svg height="11.5564pt" id="M363" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 4.62754 11.5564" width="4.62754pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M283 255V284C195 290 192 337 192 375C192 436 200 508 200 580C200 696 116 709 54 709V681C127 671 139 634 139 588C138 524 125 452 125 387C125 333 149 286 209 272V268C148 253 125 206 125 151C126 87 139 16 139 -47C139 -92 127 -131 54 -141V-169C115 -169 200 -152 200 -41C200 32 192 104 192 164C192 202 195 249 283 255Z"></path></g></svg></td></tr><tr><td colspan="2">@Advice.OnMethodExit</td></tr><tr><td colspan="2">public static void onExit(@Advice.Enter Invocation invocation, </td></tr><tr><td colspan="2">@Advice.Return Object result, @Advice.Thrownthrowable) <svg height="11.5564pt" id="M364" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 4.62754 11.5564" width="4.62754pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M293 -169V-141C218 -131 209 -90 209 -44C209 19 222 85 222 152C222 207 198 255 139 269V273C199 286 222 334 222 388C222 454 209 523 209 588C209 632 218 671 293 681V709C234 709 148 695 148 577C147 513 155 438 155 372C155 337 152 291 64 285V256C152 250 155 204 155 169C156 105 148 31 148 -41C148 -157 234 -169 293 -169Z"></path></g></svg></td></tr><tr><td colspan="2">invocation.update(result, throwable != null);</td></tr><tr><td colspan="2">FeatureRecordfeatureRecord = featureExtractor.extract(invocation);</td></tr><tr><td colspan="2">//send featureRecord tagged with the label generated above, to ELKI-based analysis and </td></tr><tr><td colspan="2">//intrusion detection</td></tr><tr><td colspan="2"><svg height="11.5564pt" id="M365" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 4.62754 11.5564" width="4.62754pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M283 255V284C195 290 192 337 192 375C192 436 200 508 200 580C200 696 116 709 54 709V681C127 671 139 634 139 588C138 524 125 452 125 387C125 333 149 286 209 272V268C148 253 125 206 125 151C126 87 139 16 139 -47C139 -92 127 -131 54 -141V-169C115 -169 200 -152 200 -41C200 32 192 104 192 164C192 202 195 249 283 255Z"></path></g></svg></td></tr><tr><td colspan="2"><svg height="11.5564pt" id="M366" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 4.62754 11.5564" width="4.62754pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M283 255V284C195 290 192 337 192 375C192 436 200 508 200 580C200 696 116 709 54 709V681C127 671 139 634 139 588C138 524 125 452 125 387C125 333 149 286 209 272V268C148 253 125 206 125 151C126 87 139 16 139 -47C139 -92 127 -131 54 -141V-169C115 -169 200 -152 200 -41C200 32 192 104 192 164C192 202 195 249 283 255Z"></path></g></svg></td></tr></table></td></tr></table>

<div>Advice to instrument target method.</div>

Security and Communication Networks

code2

Code 2

Code 2: Application-Level Unsupervised Outlier-Based Intrusion Detection and Prevention 