Hybrid anomaly detection and prioritization for network logs at cloud scale

Ohana, David; Wassermann, Bruno; Dupuis, N.; Kolodner, Elliot K.; Raichstein, Eran; Malka, Michal

doi:10.1145/3492321.3519566

Cited by 3 publications

(1 citation statement)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To address the issues of temporal and participant data leakages, Cochrane and colleagues (2021) proposed an enhanced algorithm called “population-informed forward chain (PIFC) algorithm” which conducts cross-validation considering both users and time elements. Existing research efforts investigate the possible bias on assessing model performance (Varma & Simon, 2006), and PIFC algorithm was successfully implemented to analyze the temporal network data of an IBM cloud server (Ohana et al, 2022).…”

Section: Introductionmentioning

confidence: 99%

Effect of Machine Learning Cross-validation Algorithms Considering Human Participants and Time-series: Application on Biometric Data Obtained from a Virtual Reality Experiment

Palma Fraga,

Kang,

Axthelm

2023

Proceedings of the Human Factors and Ergonomics Society Annual

View full text Add to dashboard Cite

Data containing human participants and time-series features, as is commonplace in Human Factors research, require special considerations when used in machine learning applications. Ignoring such features during cross-validation procedures might lead to artificially increased model performances due to temporal (i.e. using future observations to predict the present) and participant (i.e using sub-data sets coming from the same participant for training and testing) data leakage. We propose a comparison approach to assess the model performance when machine learning algorithms are trained with two distinctly different cross-validation algorithms: k-fold, which assumes data independence, and population-informed forward chain (PIFC), which accounts for human participants and time-series features. A case study was conducted by using biometric measurements collected from a virtual reality chess experiment. The results show that substantial overestimation might occur when applying the k-fold algorithm instead of the PIFC algorithm.

show abstract

Section: Introductionmentioning

confidence: 99%

Effect of Machine Learning Cross-validation Algorithms Considering Human Participants and Time-series: Application on Biometric Data Obtained from a Virtual Reality Experiment

Palma Fraga,

Kang,

Axthelm

2023

Proceedings of the Human Factors and Ergonomics Society Annual

View full text Add to dashboard Cite

show abstract

A review of time-series analysis for cyber security analytics: from intrusion detection to attack prediction

Landauer,

Skopik,

Stojanović

et al. 2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Understanding the current threat landscape as well as timely detection of imminent attacks are primary objectives of cyber security. Through time-series modeling of security data, such as event logs, alerts, or incidents, analysts take a step towards these goals. On the one hand, extrapolating time-series to predict future occurrences of attacks and vulnerabilities is able to support decision-making and preparation against threats. On the other hand, detection of model deviations as anomalies can point to suspicious outliers and thereby disclose cyber attacks. However, since the set of available techniques for time-series analysis is just as diverse as the research domains in the area of cyber security analytics, it can be difficult for analysts to understand which approaches fit the properties of security data at hand. This paper therefore conducts a broad literature review in research domains that leverage time-series analysis for cyber security analytics, with focus on available techniques, data sets, and challenges imposed by applications or feature properties. The results of our study indicate that relevant approaches range from detective systems ingesting short-term and low-level events to models that produce long-term forecasts of high-level attack cases.

show abstract