Abstract |
---|
We evaluate methods for applying unsupervised anomaly detection to cybersecurity applications on computer network traffic data, or flow. We borrow from the natural language processing literature and conceptualize flow as a sort of language spoken between machines. Five sequence aggregation rules are evaluated for their efficacy in flagging multiple attack types in a labeled flow dataset, CICIDS2017. For sequence modeling, we rely on long short-term memory (LSTM) recurrent neural networks (RNN). Additionally, a simple frequency-based model is described and its performance with respect to attack detection is compared to the LSTM models. We conclude that the frequency-based model tends to perform as well as or better than the LSTM models for the tasks at hand, with a few notable exceptions. |
Year | Venue | Field |
---|---|---|
2018 | arXiv: Cryptography and Security | Anomaly detection, Attack model, Flagging, Computer science, sort, Computer network, Recurrent neural network, Sequence modeling |
DocType | Volume | Citations |
Journal | abs/1805.03735 | 0 |
PageRank | References | Authors |
0.34 | 0 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Benjamin J. Radford | 1 | 1 | 1.42 |
Bartley D. Richardson | 2 | 0 | 0.68 |
Shawn E. Davis | 3 | 0 | 0.68 |