ON BAYESIAN NEW EDGE PREDICTION AND ANOMALY DETECTION IN COMPUTER NETWORKS

Monitoring computer network traffic for anomalous behaviour presents an important security challenge. Arrivals of new edges in a network graph represent connections between a client and server pair not previously observed, and in rare cases these might suggest the presence of intruders or malicious i...

Bibliographic Details
Published in: The annals of applied statistics 2019-12, Vol.13 (4), p.2586-2610
Main Authors: Metelli, Silvia, Heard, Nicholas
Format: Article
Language: English
Description
Summary: Monitoring computer network traffic for anomalous behaviour presents an important security challenge. Arrivals of new edges in a network graph represent connections between a client and server pair not previously observed, and in rare cases these might suggest the presence of intruders or malicious implants. We propose a Bayesian model and anomaly detection method for simultaneously characterising existing network structure and modelling likely new edge formation. The method is demonstrated on real computer network authentication data and successfully identifies some machines which are known to be compromised.
ISSN: 1932-6157, 1941-7330
DOI: 10.1214/19-AOAS1286