• DocumentCode
    175410
  • Title

    Modelling New Edge Formation in a Computer Network through Bayesian Variable Selection

  • Author

    Metelli, Silvia ; Heard, Nick

  • Author_Institution
    Imperial Coll. London, London, UK
  • fYear
    2014
  • fDate
    24-26 Sept. 2014
  • Firstpage
    272
  • Lastpage
    275
  • Abstract
    Anomalous connections in a computer network graph can be a signal of malicious behaviours. For instance, a compromised computer node tends to form a large number of new client edges in the network graph, connecting to server IP (Internet Protocol) addresses which have not previously been visited. This behaviour can be caused by malware (malicious software) performing a denial of service (DoS) attack, to cause disruption or further spread malware; alternatively, the rapid formation of new edges by a compromised node can be caused by an intruder seeking to escalate privileges by traversing through the host network. However, study of computer network flow data suggests new edges are also regularly formed by uninfected hosts, and often in bursts. Statistically detecting anomalous formation of new edges requires reliable models of the normal rate of new edges formed by each host. Network traffic data are complex, and so the potential number of variables which might be included in such a statistical model can be large, and without proper treatment this would lead to overfitting of models with poor predictive performance. In this paper, Bayesian variable selection is applied to a logistic regression model for new edge formation for the purpose of selecting the best subset of variables to include.
  • Keywords
    Bayes methods; belief networks; computer network security; invasive software; regression analysis; Bayesian variable selection; DoS attack; Internet protocol; anomalous formation detection; computer network flow data; computer network graph; denial of service attack; logistic regression model; malicious software; malware; network traffic data; new edge formation modelling; server IP address; Bayes methods; Computational modeling; IP networks; Input variables; Logistics; Protocols;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint
  • Conference_Location
    The Hague
  • Print_ISBN
    978-1-4799-6363-8
  • Type

    conf

  • DOI
    10.1109/JISIC.2014.53
  • Filename
    6975590