Publications

BibTex format

@inbook{Rubin-Delanchy:2016:10.1142/9781786340757_0006,
author = {Rubin-Delanchy, P and Lawson, DJ and Heard, NA},
booktitle = {Dynamic Networks and Cyber-Security},
doi = {10.1142/9781786340757_0006},
pages = {137--156},
title = {Anomaly detection for cyber security applications},
url = {http://dx.doi.org/10.1142/9781786340757_0006},
year = {2016}
}

Download

RIS format (EndNote, RefMan)

TY  - CHAP
AB  - In this chapter, we outline a general modus operandi under which to perform intrusion detection at scale. The over-arching principle is this: A network monitoring tool has access to large stores of data on which it can learn 'normal' network behaviour. On the other hand, data on intrusions are relatively rare. This imbalance invites us to frame intrusion detection as an anomaly detection problem where, under the null hypothesis that there is no intrusion, the data follow a machine-learnt model of behaviour, and, under the alternative that there is some form of intrusion, certain anomalies in that model will be apparent. This approach to cyber security poses some important statistical challenges. One is simply modelling and doing inference with such large-scale and heterogeneous data. Another is performing anomaly detection when the null hypothesis comprises a complex model. Finally, a key problem is combining different anomalies through time and across the network.
AU  - Rubin-Delanchy,P
AU  - Lawson,DJ
AU  - Heard,NA
DO  - 10.1142/9781786340757_0006
EP  - 156
PY  - 2016///
SN  - 9781786340740
SP  - 137
TI  - Anomaly detection for cyber security applications
T1  - Dynamic Networks and Cyber-Security
UR  - http://dx.doi.org/10.1142/9781786340757_0006
ER  -

Download

Professor Nick Heard

Contact

Location

Summary

Citation

BibTex format

RIS format (EndNote, RefMan)