Imperial College London

Professor Niall Adams

Faculty of Natural Sciences, Department of Mathematics

Professor of Statistics
 
 
 

Contact

 

+44 (0)20 7594 8837 | n.adams | Website

 
 

Location

 

6M55, Huxley Building, South Kensington Campus


 

Publications

Citation

BibTeX format

@unpublished{Evangelou:2019,
author = {Evangelou, M},
publisher = {NA},
title = {An anomaly detection framework for cyber-security data},
year = {2019}
}

RIS format (EndNote, RefMan)

TY  - UNPB
AB - Data-driven anomaly detection systems have unrivalled potential as complementary defence systems to existing signature-based tools as the number of cyber attacks increases. In this manuscript we present an anomaly detection system that detects any abnormal deviations from the normal behaviour of an individual device. Device behaviour is defined as the number of network traffic events involving the device of interest observed within a pre-specified time period. The behaviour of each device at normal state is modelled to depend on its observed historic behaviour. A number of statistical and machine learning approaches are explored for modelling this relationship and through a comparative study, the Quantile Regression Forests approach is found to have the best predictive power. Based on the prediction intervals of the Quantile Regression Forests an anomaly detection system is proposed that characterises as abnormal any observed behaviour outside of these intervals. Through a series of experiments the proposed anomaly detection system is found to outperform two other detection systems. The presented work has been conducted on two enterprise networks.
AU - Evangelou,M
PB - NA
PY - 2019///
TI - An anomaly detection framework for cyber-security data
ER -