Imperial College London

Dr Marina Evangelou

Faculty of Natural Sciences, Department of Mathematics

Senior Lecturer in Statistics
Contact

+44 (0)20 7594 7184, m.evangelou

Location

546 Huxley Building, South Kensington Campus

Citation

BibTeX format

@article{Evangelou:2020:10.1016/j.cose.2020.101941,
author = {Evangelou, M and Adams, N},
doi = {10.1016/j.cose.2020.101941},
journal = {Computers and Security},
pages = {1--10},
title = {An anomaly detection framework for cyber-security data},
url = {http://dx.doi.org/10.1016/j.cose.2020.101941},
volume = {97},
year = {2020}
}

RIS format (EndNote, RefMan)

TY  - JOUR
AB - Data-driven anomaly detection systems have unrivalled potential as complementary defence systems to existing signature-based tools as the number of cyber attacks increases. In this manuscript an anomaly detection system is presented that detects any abnormal deviations from the normal behaviour of an individual device. Device behaviour is defined as the number of network traffic events involving the device of interest observed within a pre-specified time period. The behaviour of each device at normal state is modelled to depend on its observed historic behaviour. A number of statistical and machine learning approaches are explored for modelling this relationship and, through a comparative study, the Quantile Regression Forests approach is found to have the best predictive power. Based on the prediction intervals of the Quantile Regression Forests, an anomaly detection system is proposed that characterises as abnormal any observed behaviour outside of these intervals. A series of experiments for contaminating normal device behaviour are presented for examining the performance of the anomaly detection system. Through the conducted analysis the proposed anomaly detection system is found to outperform two other detection systems. The presented work has been conducted on two enterprise networks.
AU - Evangelou,M
AU - Adams,N
DO - 10.1016/j.cose.2020.101941
EP - 10
PY - 2020///
SN - 0167-4048
SP - 1
TI - An anomaly detection framework for cyber-security data
T2 - Computers and Security
UR - http://dx.doi.org/10.1016/j.cose.2020.101941
UR - https://www.sciencedirect.com/science/article/pii/S0167404820302170
UR - http://hdl.handle.net/10044/1/81055
VL - 97
ER -