Imperial College London

Professor Nick Heard

Faculty of Natural SciencesDepartment of Mathematics

Chair in Statistics
 
 
 
//

Contact

 

+44 (0)20 7594 1490n.heard Website

 
 
//

Location

 

543Huxley BuildingSouth Kensington Campus

//

Summary

 

Publications

Citation

BibTex format

@inbook{Heard:2014:10.1142/9781783263752_0006,
author = {Heard, NA and Turcotte, MJ},
booktitle = {Data Analysis for Network Cyber-Security},
doi = {10.1142/9781783263752_0006},
pages = {151--188},
title = {Monitoring a device in a communication network},
url = {http://dx.doi.org/10.1142/9781783263752_0006},
year = {2014}
}

RIS format (EndNote, RefMan)

TY  - CHAP
AB - © 2014 by Imperial College Press. Anomalous connectivity levels in a communication graph can be indicative of prohibited or malicious behaviour. Detecting anomalies in large graphs, such as telecommunication networks or corporate computer networks, requires techniques which are computationally fast and ideally parallelisable, and this puts a limit on the level of sophistication which can be used in modelling the entire graph. Here, methods are presented for detecting locally anomalous substructures based on simple node and edge-based statistical models. This can be viewed as an initial screening stage for identifying candidate anomalies, which could then be investigated with more sophisticated tools. The focus is on monitoring diverse features of the same data stream emanating from a single communicating device within the network, using conditionally independent probability models. Whilst all of the models considered are purposefully very simple, their practical implementation touches on a diverse range of topics, including conjugate Bayesian inference, reversible jump Markov chain Monte Carlo, sequential Monte Carlo, Markov jump processes, Markov chains, density estimation, changepoint analysis, discrete p-values and control charts.
AU - Heard,NA
AU - Turcotte,MJ
DO - 10.1142/9781783263752_0006
EP - 188
PY - 2014///
SN - 9781783263745
SP - 151
TI - Monitoring a device in a communication network
T1 - Data Analysis for Network Cyber-Security
UR - http://dx.doi.org/10.1142/9781783263752_0006
ER -