Kieran Flanagan scite author profile

Jacob

et al. 2019

The detection of new, novel attacks on organizational networks is a problem of ever-increasing relevance in today's society. Research in the area is focused on the detection of "Zero-Day" and "Black Swan" events through the use of machine learning technologies. Where previous technologies needed a known example of malicious behavior to detect a similar event, recent advances in anomaly detection on network activity has shown promise of detecting novel attacks. In a real word environment however, novel behavior occurs relatively frequently as users utilize new software applications and new standards in networking. Changes such as these, while of notable importance to network security technicians, may not present themselves as an imminent threat to a network. This paper proposes a novel method for the detection and classification of changes in networking behavior. Through the use of a Dynamic Degenerative Neural Network (2D2N), changes in recognizable user activity are dynamically classified and stored for future reference. Through the use of a time-based entropy function, infrequent activity can be analyzed and given precedence over frequent activity. This aids in the classification of abnormal activity for fast, efficient assessment by the relevant persons in an organization. The proposed method enables the detection, classification and scoring of any and all user activity on a network. Evaluation of the proposed method is based upon live data gathered from a large, multinational organization.

show abstract

Network anomaly detection in time series using distance based outlier detection with cluster density analysis

Connolly

et al. 2017

Self-configuring NetFlow anomaly detection using cluster density analysis

Awad

et al. 2017

NetFlow Anomaly Detection Though Parallel Cluster Density Analysis in Continuous Time-Series

Connolly

et al. 2017

The increase in malicious network based attacks has resulted in a growing interest in network anomaly detection. The ability to detect unauthorized or malicious activity on a network is of importance to any organization. With the increase in novel attacks, anomaly detection techniques can be more successful in detecting unknown malicious activity in comparison to traditional signature based methods. However, in a real-world environment, there are many variables that cannot be simulated. This paper proposes an architecture where parallel clustering algorithms work concurrently in order to detect abnormalities that may be lost while traversing over time-series windows. The presented results describe the NetFlow activity of the NPD Group, Inc. over a 24-hour period. The presented results contain real-world anomalies that were detected.

show abstract

S. A. V. I. O. R: Security Analytics on Asset Vulnerability for Information Abstraction and Risk Analysis

Awad

et al. 2016