Title :
Continuous Monitoring of a Computer Network Using Multivariate Adaptive Estimation
Author :
Bodenham, Dean Adam ; Adams, Niall M.
Author_Institution :
Dept. of Math., Imperial Coll. London, London, UK
Abstract :
Monitoring computer network traffic is a pressing problem in cyber-security. Such traffic can be represented as a data stream, an unending sequence of data points subject to unknown dynamics. This paper is concerned with statistical anomaly detection on such streams, where the detector must operate continuously without supervision. In this so-called continuous monitoring context, we develop a change detection methodology based on multivariate adaptive estimation that has the benefit of reducing the burden on the analyst to set the values of control parameters. This methodology is shown to have utility in simulated experiments, and is exercised on real NETFLOW data extracted from the Imperial College network.
Keywords :
adaptive estimation; computer network security; statistical analysis; telecommunication traffic; Imperial College network; NETFLOW data; change detection methodology; computer network traffic monitoring; continuous monitoring context; control parameters; cyber-security; data point sequence; data stream; multivariate adaptive estimation; statistical anomaly detection; Adaptive estimation; Computer networks; Detectors; Educational institutions; Equations; Mathematical model; Monitoring;
Conference_Title :
Data Mining Workshops (ICDMW), 2013 IEEE 13th International Conference on
Conference_Location :
Dallas, TX
Print_ISBN :
978-1-4799-3143-9
DOI :
10.1109/ICDMW.2013.114