Network-wide anomaly detection via the Dirichlet process

File: dp.pdf (Accepted version, 434.39 kB, Adobe PDF)
Title: Network-wide anomaly detection via the Dirichlet process
Authors: Heard, NA; Rubin-Delanchy, P
Item Type: Conference Paper
Abstract: Statistical anomaly detection techniques provide the next layer of cyber-security defences below traditional signature-based approaches. This article presents a scalable, principled, probability-based technique for detecting outlying connectivity behaviour within a directed interaction network such as a computer network. Independent Bayesian statistical models are fit to each message recipient in the network using the Dirichlet process, which provides a tractable, conjugate prior distribution for an unknown discrete probability distribution. The method is shown to successfully detect a red team attack in authentication data obtained from the enterprise network of Los Alamos National Laboratory.
Issue Date: 17-Nov-2016
Date of Acceptance: 22-Jul-2016
ISBN: 978-1-5090-3865-7
Publisher: IEEE
Copyright Statement: © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Sponsor/Funder: GCHQ
Funder's Grant Number: PO Ref 4182166 / Cyber Funding
Conference Name: IEEE Conference on Intelligence and Security Informatics (ISI), 2016
Publication Status: Published
Start Date: 2016-09-28
Finish Date: 2016-09-30
Conference Place: Arizona, USA
Appears in Collections: Mathematics; Faculty of Natural Sciences
