Imperial College London

Professor Nick Heard

Faculty of Natural Sciences, Department of Mathematics

Chair in Statistics
 
 
 

Contact

 

+44 (0)20 7594 1490 | n.heard | Website

 
 

Location

 

543, Huxley Building, South Kensington Campus


Citation

BibTeX format

@inproceedings{Metelli:2016:10.1109/ISI.2016.7745449,
author = {Metelli, S and Heard, NA},
doi = {10.1109/ISI.2016.7745449},
publisher = {IEEE},
title = {Model-based clustering and new edge modelling in large computer networks},
url = {http://dx.doi.org/10.1109/ISI.2016.7745449},
year = {2016}
}

RIS format (EndNote, RefMan)

TY  - CPAPER
AB - Computer networks are complex and the analysis of their structure in search for anomalous behaviour is both a challenging and important task for cyber security. For instance, new edges, i.e. connections from a host or user to a computer that has not been connected to before, provide potentially strong statistical evidence for detecting anomalies. Unusual new edges can sometimes be indicative of both legitimate activity, such as automated update requests permitted by the client, and illegitimate activity, such as denial of service (DoS) attacks to cause service disruption or intruders escalating privileges by traversing through the host network. In both cases, capturing and accumulating evidence of anomalous new edge formation represents an important security application. Computer networks tend to exhibit an underlying cluster structure, where nodes are naturally grouped together based on similar connection patterns. What constitutes anomalous behaviour may strongly differ between clusters, so inferring these peer groups constitutes an important step in modelling the types of new connections a user would make. In this article, we present a two-step Bayesian statistical method aimed at clustering similar users inside the network and simultaneously modelling new edge activity, exploiting both overall-level and cluster-level covariates.
AU - Metelli,S
AU - Heard,NA
DO - 10.1109/ISI.2016.7745449
PB - IEEE
PY - 2016///
TI - Model-based clustering and new edge modelling in large computer networks
UR - http://dx.doi.org/10.1109/ISI.2016.7745449
UR - http://hdl.handle.net/10044/1/42762
ER -