Abstract:
Data analysis of the complex behaviors, intrusion attacks and system failures inherent in IT systems has become one of the key strategies for securing cyber assets. Data-driven anomaly detection methods offer an appealing complement to existing signature-based intrusion detection systems because they can capture previously unseen attacks. In this project, we develop efficient rules that distinguish normal from abnormal behavior within a given period and over time, and that adapt to relational and dynamic changes in the cyber environment. Specifically, we represent the network flow data as a bipartite graph and then adopt an outlier detection approach for heavy-tailed distributions to derive an adaptive threshold method for characterizing node behavior. Further, we introduce a trust management scheme that aggregates node behavior over time and evaluates the overall 'trustworthiness' of each node across the full time period. Using data collected by a European ISP and by the University of Rhode Island, we demonstrate the superior performance and real-time applicability of the proposed adaptive threshold selection method for trust-based detection systems.
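The pipeline the abstract outlines (bipartite flow graph, adaptive threshold for a heavy-tailed degree distribution, trust aggregated over time windows) as an added illustration that is not the paper's code: the concrete choices here, a median/MAD rule on log-degrees for the threshold, exponential decay for trust, and the constructed sample flows, are this example's own assumptions, not the authors' method.

```python
import math
from collections import defaultdict
from statistics import median

def bipartite_degrees(flows):
    """Source-side degree of the host -> destination bipartite graph:
    number of distinct destinations each source host contacted."""
    neigh = defaultdict(set)
    for src, dst in flows:
        neigh[src].add(dst)
    return {src: len(d) for src, d in neigh.items()}

def adaptive_threshold(degrees, k=3.0):
    """Robust cutoff on log-degrees (assumed rule). Degree distributions are
    heavy-tailed, so the log transform plus median/MAD keeps a few heavy
    hitters from inflating a mean/std based threshold."""
    logs = [math.log(d) for d in degrees.values()]
    med = median(logs)
    mad = median(abs(x - med) for x in logs) or 1e-9  # avoid a zero scale
    return math.exp(med + k * 1.4826 * mad)  # 1.4826 makes MAD ~ sigma

def flag_window(flows, k=3.0):
    """Per-window verdict: True for hosts whose degree exceeds the cutoff."""
    degrees = bipartite_degrees(flows)
    thr = adaptive_threshold(degrees, k)
    return {src: deg > thr for src, deg in degrees.items()}

def update_trust(trust, flags, alpha=0.7):
    """Exponentially weighted trust (assumed scheme): a flagged window pulls
    the score toward 0, a normal one toward 1; unseen hosts keep their score."""
    new = dict(trust)
    for src, flagged in flags.items():
        new[src] = alpha * trust.get(src, 1.0) + (1 - alpha) * (0.0 if flagged else 1.0)
    return new

def run_windows(windows, k=3.0, alpha=0.7):
    trust = {}
    for flows in windows:
        trust = update_trust(trust, flag_window(flows, k), alpha)
    return trust

def make_window(scanner_degree):
    """Constructed sample: 20 hosts touching 2-4 destinations each, plus one
    host 'h_scan' touching scanner_degree distinct services."""
    flows = [(f"h{i:02d}", f"d{j}") for i in range(20) for j in range(2 + i % 3)]
    flows += [("h_scan", f"svc{j}") for j in range(scanner_degree)]
    return flows

# Two windows of fan-out behaviour, then one quiet window.
SAMPLE_WINDOWS = [make_window(60), make_window(60), make_window(3)]
```

With these assumptions `h_scan` is flagged in the first two windows (degree 60 against a cutoff near 10.8) and its trust decays to about 0.64, while every normal host stays at 1.0.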