Network-wide anomaly detection via the Dirichlet process
Title: | Network-wide anomaly detection via the Dirichlet process |
Authors: | Heard, NA; Rubin-Delanchy, P |
Item Type: | Conference Paper |
Abstract: | Statistical anomaly detection techniques provide the next layer of cyber-security defences below traditional signature-based approaches. This article presents a scalable, principled, probability-based technique for detecting outlying connectivity behaviour within a directed interaction network such as a computer network. Independent Bayesian statistical models are fit to each message recipient in the network using the Dirichlet process, which provides a tractable, conjugate prior distribution for an unknown discrete probability distribution. The method is shown to successfully detect a red team attack in authentication data obtained from the enterprise network of Los Alamos National Laboratory. |
Issue Date: | 17-Nov-2016 |
Date of Acceptance: | 22-Jul-2016 |
URI: | http://hdl.handle.net/10044/1/42763 |
DOI: | https://dx.doi.org/10.1109/ISI.2016.7745478 |
ISBN: | 978-1-5090-3865-7 |
Publisher: | IEEE |
Copyright Statement: | © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. |
Sponsor/Funder: | GCHQ |
Funder's Grant Number: | PO Ref 4182166 / Cyber Funding |
Conference Name: | IEEE Conference on Intelligence and Security Informatics (ISI), 2016 |
Publication Status: | Published |
Start Date: | 2016-09-28 |
Finish Date: | 2016-09-30 |
Conference Place: | Arizona, USA |
Appears in Collections: | Statistics; Faculty of Natural Sciences; Mathematics |