Network-wide anomaly detection via the Dirichlet process
Statistical anomaly detection techniques provide the next layer of cyber-security defences below traditional signature-based approaches. This article presents a scalable, principled, probability-based technique for detecting outlying connectivity behaviour within a directed interaction network such as a computer network. Independent Bayesian statistical models are fit to each message recipient in the network using the Dirichlet process, which provides a tractable, conjugate prior distribution for an unknown discrete probability distribution. The method is shown to successfully detect a red team attack in authentication data obtained from the enterprise network of Los Alamos National Laboratory.
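To make the per-recipient Dirichlet-process idea concrete, here is an added Python sketch that is not the paper's own code. It keeps one model per destination computer, scores each incoming (source, destination) event by the Dirichlet-process predictive distribution (the Blackwell-MacQueen / Chinese-restaurant-process form: a previously seen source gets mass c_s/(n+α), an unseen source gets mass α/(n+α)), turns that into a discrete p-value, and then combines a source's p-values across recipients with Fisher's method. The concentration α = 1, the Fisher combination as the network-wide step, and the sample events are all assumptions made for this illustration; the events are constructed here and are not taken from the LANL data set.

```python
"""Per-recipient Dirichlet-process (DP) models for scoring authentication events.

Added example, not the paper's code. Events are (time, source user, destination
computer) triples; the sample below is constructed for illustration.
"""
import math
from collections import defaultdict

ALPHA = 1.0  # DP concentration parameter; hypothetical choice for this example

# Constructed sample (not LANL data). U1..U4 each log on to one computer
# repeatedly; U9 is a constructed intruder touching three computers it has
# never authenticated to before.
SAMPLE_EVENTS = (
    [(f"t{i:02d}", "U1", "C1") for i in range(8)]
    + [("t08", "U2", "C1"), ("t09", "U2", "C1")]
    + [("t10", "U1", "C1"), ("t11", "U1", "C1")]
    + [(f"t{12 + i}", "U3", "C2") for i in range(5)]
    + [(f"t{17 + i}", "U4", "C3") for i in range(3)]
    + [("t20", "U9", "C1"), ("t21", "U9", "C2"), ("t22", "U9", "C3")]
)


class RecipientDP:
    """DP model of which sources connect to one recipient."""

    def __init__(self, alpha=ALPHA):
        self.alpha = alpha
        self.counts = defaultdict(int)  # source -> number of past events
        self.n = 0                      # total past events for this recipient

    def predictive(self, source):
        # Posterior predictive of a DP: seen source s has mass c_s/(n+alpha),
        # any never-seen source has total mass alpha/(n+alpha).
        denom = self.n + self.alpha
        if source in self.counts:
            return self.counts[source] / denom
        return self.alpha / denom

    def pvalue(self, source):
        # Discrete p-value: total predictive mass of outcomes that are no more
        # likely than the one observed (the "new source" outcome included).
        p_obs = self.predictive(source)
        denom = self.n + self.alpha
        mass = sum(c / denom for c in self.counts.values() if c / denom <= p_obs + 1e-12)
        if self.alpha / denom <= p_obs + 1e-12:
            mass += self.alpha / denom
        return min(mass, 1.0)

    def update(self, source):
        self.counts[source] += 1
        self.n += 1


def score_events(events, alpha=ALPHA):
    """Score events in order; each event is judged before it updates its model."""
    models = defaultdict(lambda: RecipientDP(alpha))
    scored = []
    for t, src, dst in events:
        model = models[dst]
        p = model.pvalue(src)
        scored.append((t, src, dst, p, -math.log(p)))  # surprise = -log p
        model.update(src)
    return scored


def chi2_sf_even_df(x, k):
    """Survival function of a chi-square with 2k degrees of freedom (closed form)."""
    h = x / 2.0
    term, total = 1.0, 1.0
    for i in range(1, k):
        term *= h / i
        total += term
    return math.exp(-h) * total


def fisher_combine(pvalues):
    """Fisher's method: -2 sum(log p) ~ chi-square with 2k df under the null."""
    stat = -2.0 * sum(math.log(p) for p in pvalues)
    return chi2_sf_even_df(stat, len(pvalues))


def combine_by_source(scored):
    """Network-wide view (an assumption here): combine each source's p-values
    across all recipients it touched."""
    per_source = defaultdict(list)
    for _, src, _, p, _ in scored:
        per_source[src].append(p)
    return {src: fisher_combine(ps) for src, ps in per_source.items()}


if __name__ == "__main__":
    scored = score_events(SAMPLE_EVENTS)
    for t, src, dst, p, surprise in scored:
        if p < 0.5:
            print(f"{t} {src}->{dst} p={p:.4f} surprise={surprise:.2f}")
    for src, p in sorted(combine_by_source(scored).items(), key=lambda kv: kv[1]):
        print(f"source {src}: combined p={p:.4f}")
```

Two caveats a practitioner should keep in mind: a recipient with no history assigns p = 1 to anything, so the model is only as good as the warm-up period it has seen; and α sets how much mass is reserved for never-seen sources, so a first-time source at a busy recipient looks far more surprising than at a quiet one. Fisher's method assumes the combined p-values are independent, which the per-recipient modelling supports across recipients but not necessarily for repeated events from the same source to the same recipient over time.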