DocumentCode :
175399
Title :
Adaptive Change Detection for Relay-Like Behaviour
Author :
Bodenham, Dean Adam ; Adams, Niall M.
Author_Institution :
Dept. of Math., Imperial Coll. London, London, UK
fYear :
2014
fDate :
24-26 Sept. 2014
Firstpage :
252
Lastpage :
255
Abstract :
Detecting anomalous behaviour in network flow data is challenging for a number of reasons, including both the computational demand associated with a large corporate network and the peculiar temporal characteristics of flow data. Relay-like behaviour refers to the rapid commencement of an out-going flow from a network device following the completion of an in-coming flow. This paper develops a computationally efficient and temporally adaptive methodology for detecting relay-like behaviour. The methodology is demonstrated on a real example of NETFLOW data. In addition to providing a detector, further uses of the methodology for combining anomalous events are discussed.
Keywords :
security of data; NETFLOW data; adaptive change detection; anomalous behaviour detection; in-coming flow; network device; network flow data; out-going flow; relay-like behaviour; Adaptive estimation; Context; Detectors; Educational institutions; Monitoring; Relays; Servers;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint
Conference_Location :
The Hague
Print_ISBN :
978-1-4799-6363-8
Type :
conf
DOI :
10.1109/JISIC.2014.48
Filename :
6975585