
Correlation-Based Streaming Anomaly Detection in Cyber-Security

Bibliographic Details
Main Authors: Noble, Jordan; Adams, Niall M.
Format: Conference Proceeding
Language: English
Description
Summary: Methodology for statistical analysis of enterprise network data is becoming more important in cyber-security. The volume and velocity of enterprise network data sources put a premium on streaming analytics - procedures that pass over the data once, while handling temporal variation in the process. In this paper we sketch SCAD: a procedure for streaming anomaly detection in the correlation between a pair of variables. This procedure is intended to detect anomalies on individual edges of the network graph. The approach is illustrated on real Netflow data, where novel ideas are introduced to assess performance on a single edge. The procedure is then successfully extended to combine and score anomalies across multiple edges.
ISSN: 2375-9259
DOI: 10.1109/ICDMW.2016.0051