Correlation-Based Streaming Anomaly Detection in Cyber-Security

Noble, Jordan; Adams, Niall M.

doi:10.1109/icdmw.2016.0051

Cited by 4 publications

(6 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A compromise is to inject anomalies representative of attacks in real datasets [16]. In [5] the performance of SCAD was evaluated on real data with contrived anomalies induced by data contamination. Here, we conduct a more rigorous and complete simulation study to capture all performance aspects of our method and its competitors.…”

Section: Discussionmentioning

confidence: 99%

“…In [5], we looked at a small subset (62 edges) of the Los Alamos National Laboratory (LANL) Netflow data from the "Comprehensive, Multi-Source Cyber-Security Events" data set [18]. A key finding in that study was that SCAD revealed multiple network correlation anomalies at similar times with known suspicious behaviour.…”

Section: Demonstration Planmentioning

confidence: 99%

“…We illustrate the methodology in action on two different large computer networks. The approach is inspired by SCAD [5], but the core methodology has been considerably enhanced with a novel online change detector, which exploits the difference in rates of convergence between adaptive and static estimators. In addition, the issue of degeneracy in covariance estimation is resolved with shrinkage.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Real-Time Dynamic Network Anomaly Detection

Noble

Adams

2018

IEEE Intell. Syst.

Self Cite

View full text Add to dashboard Cite

Methodology for statistical analysis of enterprise network data is becoming increasingly important in cyber-security. The volume and velocity of enterprise network data sources puts a premium on streaming analytics that pass over the data once, while handling temporal variation in the process. In this paper we introduce ReTiNA: a framework for streaming network anomaly detection. This procedure first detects anomalies in the correlation processes on individual edges of the network graph. Second, anomalies across multiple edges are combined and scored to give network-wide situational awareness. The approach is tested in simulation and demonstrated on two real Netflow datasets.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Demonstration Planmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Real-Time Dynamic Network Anomaly Detection

Noble

Adams

2018

IEEE Intell. Syst.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Consequently, as the system depends on the dataset chosen to validate, it is important to use an updated, unknown to the rivals and reliable set to capture all possible insights. Although a few methods provided originals and updated instances [21,[23][24][25][26][27], a lot of research work relied on deprecated, static and often biased datasets [19,20,28,29] that lead to an endemic situation where numerous reported results are not applicable in real-world scenarios. Alongside the inability to cope with the most recent attacks and threats, these shortcomings have been disclosed by [30,31].…”

Section: State Of the Artmentioning

confidence: 99%

“…Despite the ability to process vast amounts of instances, most of the models fail to see security from an outlier or anomaly detection perspective in a streaming context. There are a few models that provide real-time options or stream processing [23,26,27], but most of them have an offline status preventing the solution from achieving robustness to adversarial threats or concept drifts [19,21,24,33,34].…”

Section: State Of the Artmentioning

confidence: 99%

Anomaly Detection for Cybersecurity

Chawla¹,

Jacob²,

Lee³

et al. 2022

Data Analytics for Cybersecurity

View full text Add to dashboard Cite

Above all, I would like to thank my supervisors, Professor Luís Antunes and João Resende, for their support, guidance, and encouragement to study an important application where two of the most promising fields, cybersecurity and data science, meet. I thank them for their patience, suggestions, and advice throughout this journey, especially in the most difficult and challenging moments.My next thanks go to Patrícia Sousa who has been, alongside with João Resende, a teacher, a friend, and an inspiring and dedicated example always willing to help and to clear my mind when everything seemed impossible. To João and Patrícia, my sincere gratitude.I would also like to thank my colleagues at C3P who have assisted me to fully understand and capture the principals, necessities, and requirements in cybersecurity. They provided crucial insights into a field I have never encountered before. A special word to André Cirne and Simão Silva.Last but not least, I thank my friends and family for all their love and understanding.Their faithful and encouraging support reinforced my confidence and eased my journey.

show abstract

A Study on Log Analysis Approaches Using Sandia Dataset

Pritom

Chu

et al. 2017

2017 26th International Conference on Computer Communication and Networks (ICCCN)

View full text Add to dashboard Cite

Correlation-Based Streaming Anomaly Detection in Cyber-Security

Cited by 4 publications

References 13 publications

Real-Time Dynamic Network Anomaly Detection

Real-Time Dynamic Network Anomaly Detection

Anomaly Detection for Cybersecurity

A Study on Log Analysis Approaches Using Sandia Dataset

Contact Info

Product

Resources

About