DocumentCode :
175397
Title :
Statistical Frameworks for Detecting Tunnelling in Cyber Defence Using Big Data
Author :
Lawson, Daniel J. ; Rubin-Delanchy, Patrick ; Heard, Nick ; Adams, Niall M.
Author_Institution :
Sch. of Math., Univ. of Bristol, Bristol, UK
fYear :
2014
fDate :
24-26 Sept. 2014
Firstpage :
248
Lastpage :
251
Abstract :
How can we effectively use costly statistical models in the defence of large computer networks? Statistical modelling and machine learning are potentially powerful ways to detect threats as they do not require a human-level understanding of the attack. However, they are rarely applied in practice as the computational cost of deploying all but the most simple algorithms can become implausibly large. Here we describe a multilevel approach to statistical modelling in which descriptions of the normal running of the network are built up from the lower netflow level to higher-level sessions and graph-level descriptions. Statistical models at low levels are most capable of detecting the unusual activity that might be a result of malicious software or hackers, but are too costly to run over the whole network. We develop a fast algorithm to identify tunnelling behaviour at the session level using 'telescoping' of sessions containing other sessions, and demonstrate that this allows a statistical model to be run at scale on netflow timings. The method is applied to a toy dataset using an artificial 'attack'.
Keywords :
Big Data; computer network security; graph theory; learning (artificial intelligence); statistical analysis; artificial attack; big data; computational cost; computer networks; cyber defence; graph-level descriptions; higher-level sessions; machine learning; malicious software; netflow timings; session telescoping; statistical frameworks; statistical modelling; tunnelling; Big data; Computational modeling; Correlation; Data models; Educational institutions; Image edge detection; Tunneling;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint
Conference_Location :
The Hague
Print_ISBN :
978-1-4799-6363-8
Type :
conf
DOI :
10.1109/JISIC.2014.47
Filename :
6975584