• DocumentCode
    3437522
  • Title

    Continuous Monitoring of a Computer Network Using Multivariate Adaptive Estimation

  • Author

    Bodenham, Dean Adam ; Adams, Niall M.

  • Author_Institution
    Dept. of Math., Imperial Coll. London, London, UK
  • fYear
    2013
  • fDate
    7-10 Dec. 2013
  • Firstpage
    311
  • Lastpage
    318
  • Abstract
    Monitoring computer network traffic is a pressing problem in cyber-security. Such traffic can be represented as a data stream, an unending sequence of data points subject to unknown dynamics. This paper is concerned with statistical anomaly detection on such streams, where the detector must operate continuously without supervision. In this so-called continuous monitoring context, we develop a change detection methodology based on multivariate adaptive estimation that has the benefit of reducing the burden on the analyst to set the values of control parameters. This methodology is shown to have utility in simulated experiments, and is exercised on real NETFLOW data extracted from the Imperial College network.
  • Keywords
    adaptive estimation; computer network security; statistical analysis; telecommunication traffic; Imperial College network; NETFLOW data; change detection methodology; computer network traffic monitoring; continuous monitoring context; control parameters; cyber-security; data point sequence; data stream; multivariate adaptive estimation; statistical anomaly detection; Adaptive estimation; Computer networks; Detectors; Educational institutions; Equations; Mathematical model; Monitoring;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Data Mining Workshops (ICDMW), 2013 IEEE 13th International Conference on
  • Conference_Location
    Dallas, TX
  • Print_ISBN
    978-1-4799-3143-9
  • Type

    conf

  • DOI
    10.1109/ICDMW.2013.114
  • Filename
    6753936
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3437522