Robust PCA for Anomaly Detection in Cyber Networks
Abstract
This paper uses network packet capture data to demonstrate how Robust Principal Component Analysis (RPCA) can be used in a new way to detect anomalies which serve as cyber-network attack indicators. The approach requires only a few parameters to be learned using partitioned training data and shows promise of ameliorating the need for an exhaustive set of examples of different types of network attacks. For the Lincoln Labs DARPA intrusion detection data set, the method achieves low false-positive rates while maintaining reasonable true-positive rates on individual packets. In addition, the method correctly detected packet streams in which an attack which was not previously encountered, or trained on, appears.
Similar resources
Dynamic anomaly detection by using incremental approximate PCA in AODV-based MANETs
Mobile Ad-hoc Networks (MANETs), in contrast to other networks, are more vulnerable because of their natural properties such as dynamic topology and no infrastructure. Therefore, a considerable challenge for these networks is the development of a method that is able to specify anomalies with high accuracy under dynamic changes of network topology. In this paper, two methods are proposed for dynamic anom...
Robust Methods for Unsupervised PCA-based Anomaly Detection
The paper discusses the need for robust unsupervised anomaly detection. We focus on an approach that employs robust principal component analysis (PCA) to detect malicious behaviour. By using robust PCA, we can overcome the problem that we have to have enough anomaly–free data in the training phase of a detection system.
Cyber Security Network Anomaly Detection and Visualization
In this Major Qualifying Project, we present a novel anomaly detection system for computer networks and a visualization system to help users explore network captures. The detection algorithm uses Robust Principal Component Analysis to produce a lower dimensional subspace of the original data for which a sparse matrix of outliers occurs. This low dimensional data subspace is determined by a nove...
Robust, Deep and Inductive Anomaly Detection
PCA is a classical statistical technique whose simplicity and maturity has seen it find widespread use as an anomaly detection technique. However, it is limited in this regard by being sensitive to gross perturbations of the input, and by seeking a linear subspace that captures normal behaviour. The first issue has been dealt with by robust PCA, a variant of PCA that explicitly allows for some ...
Anomaly Detection Using Generic Machine Learning Approach With a Case Study of Awareness
Security of computer systems and information in flow is essential to acceptance for every network user utilities. Now the standalone computer and internets are exposed to an increasing number of security threats with new types of attacks continuously appearing. For this, to develop robust, flexible and adaptive security oriented approaches is a severe challenge. In this context, anomaly based i...
Journal title: CoRR
Volume: abs/1801.01571
Publication date: 2018