Abstract:
The detection of anomalous web traffic is becoming an increasingly critical task for businesses and governments. Many recent innovations for detecting anomalies in network traffic rely on deep learning techniques. These techniques are computationally intensive in both training and scoring, so less intensive models are of interest to the many organizations with lower compute resources. To address this, we apply Continuous Time Markov Chain (CTMC) models to identify anomalous network traffic. CTMC models can be trained and scored quickly and efficiently on streaming data to identify anomalous network traffic at the packet level, which makes them practical for network operators to deploy. We illustrate the use of CTMC models, construct a likelihood ratio test, and show performance results on web traffic data.
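A minimal sketch of the approach the abstract describes, added here as an illustration and not taken from the paper: a CTMC is fit to baseline traffic by maximum likelihood, and a window is scored with a likelihood ratio against rates refit on that window. The state labels (`SYN`, `ACK`, `DATA`, `FIN`), the timings, and the chi-square threshold are assumptions made for this example.

```python
import math
from collections import defaultdict

def sufficient_stats(events):
    """events: time-ordered (timestamp_s, state). Returns (N, T):
    N[(i, j)] = number of i->j jumps, T[i] = total time spent in i."""
    N, T = defaultdict(int), defaultdict(float)
    t_prev, s_prev = events[0]
    for t, s in events[1:]:
        if s == s_prev:          # repeated packet class: still holding in s_prev
            continue
        N[(s_prev, s)] += 1
        T[s_prev] += t - t_prev
        t_prev, s_prev = t, s
    return N, T                  # the final, unfinished holding time is ignored

def fit_rates(N, T):
    """Maximum-likelihood generator entries: q_ij = N_ij / T_i."""
    return {(i, j): n / T[i] for (i, j), n in N.items() if T[i] > 0}

def log_likelihood(N, T, q, floor=1e-6):
    """CTMC log-likelihood: sum over i != j of N_ij*log(q_ij) - q_ij*T_i.
    Jumps the model never saw get the rate `floor` instead of log(0)."""
    ll = 0.0
    for i, j in set(N) | set(q):
        rate = max(q.get((i, j), 0.0), floor)
        ll += N.get((i, j), 0) * math.log(rate) - rate * T.get(i, 0.0)
    return ll

def lr_statistic(window, q0):
    """2*(loglik under rates refit on the window - loglik under baseline q0)."""
    N, T = sufficient_stats(window)
    return 2.0 * (log_likelihood(N, T, fit_rates(N, T)) - log_likelihood(N, T, q0))

def make_trace(cycle, reps, scale=1.0):
    """Constructed sample data: repeat (state, holding_time) pairs."""
    t, out = 0.0, []
    for state, hold in cycle * reps:
        out.append((t, state))
        t += hold * scale
    return out

CYCLE = [("SYN", 0.1), ("ACK", 0.2), ("DATA", 1.0), ("FIN", 0.5)]  # constructed
Q0 = fit_rates(*sufficient_stats(make_trace(CYCLE, 50)))           # baseline model
THRESHOLD = 13.28  # chi-square 0.99 quantile, 4 degrees of freedom (4 rates here)

if __name__ == "__main__":
    for name, scale in (("normal", 1.1), ("anomalous", 0.05)):
        print(name, round(lr_statistic(make_trace(CYCLE, 5, scale), Q0), 2))
```

Fitting and scoring need only the per-transition counts and per-state holding times, which can be updated incrementally as packets arrive.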