Abstract:
|
In cyber networks, relationships between entities, such as users interacting with computers, or system libraries and the corresponding processes that use them can provide key insights into adversary behaviour. Many cyber attack behaviours create new links between such entities - previously unobserved relationships. A probabilistic latent feature model is presented to predict the formation of new edges between entities in computer networks enabling anomaly scores to be assigned to new link formations over time. In particular, the Poisson matrix factorization model is extended to include known covariates about each entity or node. Results show that the including known covariates about each entity can improve predictive performance enhancing anomaly detection capabilities.
|