
Abstract Details

Activity Number: 596 - Novel Statistical Approaches to Essential Cybersecurity Problems
Type: Invited
Date/Time: Thursday, August 3, 2017 : 8:30 AM to 10:20 AM
Sponsor: Section on Statistics in Defense and National Security
Abstract #322132
Title: Statistical Anomaly Detection Framework for Cyber-Security
Author(s): Marina Evangelou* and Niall Adams
Companies: Imperial College London and Imperial College
Keywords: anomaly detection; cyber-security; NetFlow; device behaviour
Abstract:

Cyber attacks have emerged as a modern-era 'epidemic'. Large enterprises must protect their network infrastructures and masses of private customer data while being attacked multiple times on a daily basis. Considering the risks of cyber attacks, enterprises are investing enormous amounts of money to apply tools, typically using signature-based methods, in order to defend their networks. However, this is not enough. Cyber-security must strengthen its relationship with Statistics in order to exploit the vast amounts of data sources generated by the field. Statistical analysis of these data sources can lead to the development of statistical anomaly detection frameworks that can complement existing enterprise network defence systems.

NetFlow is one of the available data sources widely used for monitoring an enterprise network. We present an anomaly detection framework based on predicting individual device behaviour. Device behaviour, defined as the number of NetFlow events, is modeled to depend on the observed historic NetFlow events. Through a comprehensive analysis, the best predictive model is chosen, and based on its findings an anomaly detection framework is built.


Authors who are presenting talks have a * after their name.

Back to the full JSM 2017 program

 
 
Copyright © American Statistical Association