Imperial College London

Professor Nick Heard

Faculty of Natural Sciences, Department of Mathematics

Chair in Statistics



+44 (0)20 7594 1490
n.heard




543, Huxley Building, South Kensington Campus






BibTeX format

author = {Rubin-Delanchy, P and Lawson, DJ and Heard, NA},
booktitle = {Dynamic Networks and Cyber-Security},
doi = {10.1142/9781786340757_0006},
pages = {137--156},
title = {Anomaly detection for cyber security applications},
url = {},
year = {2016}

RIS format (EndNote, RefMan)

AB - © 2016 by World Scientific Publishing Europe Ltd. All rights reserved. In this chapter, we outline a general modus operandi under which to perform intrusion detection at scale. The over-arching principle is this: A network monitoring tool has access to large stores of data on which it can learn 'normal' network behaviour. On the other hand, data on intrusions are relatively rare. This imbalance invites us to frame intrusion detection as an anomaly detection problem where, under the null hypothesis that there is no intrusion, the data follow a machine-learnt model of behaviour, and, under the alternative that there is some form of intrusion, certain anomalies in that model will be apparent. This approach to cyber security poses some important statistical challenges. One is simply modelling and doing inference with such large-scale and heterogeneous data. Another is performing anomaly detection when the null hypothesis comprises a complex model. Finally, a key problem is combining different anomalies through time and across the network.
AU - Rubin-Delanchy,P
AU - Lawson,DJ
AU - Heard,NA
DO - 10.1142/9781786340757_0006
EP - 156
PY - 2016///
SN - 9781786340740
SP - 137
TI - Anomaly detection for cyber security applications
T1 - Dynamic Networks and Cyber-Security
UR -
ER -