Abstract Details

Activity Number: 141 - Statistical Analysis of Cyber-Security Data
Type: Invited
Date/Time: Monday, July 31, 2017 : 10:30 AM to 12:20 PM
Sponsor: Royal Statistical Society
Abstract #321948
Title: Adaptive Threshold Selection for Trust-Based Intrusion Detection Systems
Author(s): Younghun Chae and Natallia V Katenka* and Lisa DiPippo
Companies: University of Rhode Island and University of Rhode Island and University of Rhode Island
Keywords: anomaly detection ; outliers ; trust management ; adaptive threshold ; bipartite graph ; heavy-tailed distribution

Data analysis of complex behaviors, intrusion attacks, and system failures inherent in IT systems has become one of the key strategies for ensuring the security of cyber assets. Data-driven anomaly detection methods can offer an appealing alternative to existing signature-based intrusion detection systems by capturing previously unseen attacks. In this project, we try to develop efficient rules that distinguish between normal and abnormal behavior, both in a given period and over time, and that can also adapt to relational and dynamic changes in the cyber environment. Specifically, we represent the network flow data as a bipartite graph and then adopt an outlier detection approach for heavy-tailed distributions to develop an adaptive threshold method for node behavior characterization. Further, we introduce a trust management scheme for aggregation of node behaviors over time and evaluation of overall node 'trustworthiness' over a full time period. Using the data collected by the European ISP and the University of Rhode Island, we demonstrate the superior performance and real-time applicability of the proposed adaptive threshold selection method for trust-based detection systems.

Authors who are presenting talks have a * after their name.

Back to the full JSM 2017 program
