Imperial college press all rights reserved may not be

Info icon This preview shows pages 93–95. Sign up to view the full content.

View Full Document Right Arrow Icon
Copyright © 2014. Imperial College Press. All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law. EBSCO Publishing : eBook Collection (EBSCOhost) - printed on 2/16/2016 3:37 AM via CGC-GROUP OF COLLEGES (GHARUAN) AN: 779681 ; Heard, Nicholas, Adams, Niall M..; Data Analysis for Network Cyber-security Account: ns224671
Image of page 93

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
94 J. Neil, C. Storlie, C. Hash and A. Brugh Table 3.2. Detection statistics on star and caterpillar anomaly shapes comparing path and star scanning shapes. AEF (average edge frequency) is the average number of true anomalous edges per number of detected edges. PAD (percent anomalous detected) is the average percentage of the truly anomalous edges that were detected. GS (graph size) is the average size of the detected subgraph, which may contain many false edges. Standard errors are given in parentheses. Anomaly Type Scan Type AEF PAD GS Star Path 0.18(.02) 0.23(.03) 448.50(106.49) Star Star 1.00(.00) 1.00(.00) 43.02(.02) Cat A Path 0.01(.01) 0.79(.01) 3431.71(279.11) Cat A Star 0.02(.00) 0.19(.01) 62.42(4.06) Cat B Path 0.24(.01) 0.92(.01) 887.04(106.96) Cat B Star 1.00(.00) 1.00(.00) 134.02(.02) these first detection graphs are the only graphs we analyze in the results, since for any further windows in the day, the anomaly would not be present in the data after forensic analysis was performed. 3.5.1. A comparison of stars and paths As discussed above, a wide variety of simulations was performed for this chapter. We will focus on the differences between stars and paths, when the true anomaly is a star or a caterpillar. In Table 3.2, we present several statistics related to the detection of the anomalous subgraph. Cat A and B refer to the caterpillar shapes inserted, and correspond to subgraphs A and B of Figure 3.5. Star Anomaly. Referring to Table 3.2, it is clear that using star windows to scan a star anomaly is much more accurate than using paths. In fact, the star scan detected every true anomalous edge, and only those edges, for 99% of the days. Paths picked up some portion of the anomalous star, but at the cost of a much larger detected graph. Caterpillar Anomaly. Recall from Figure 3.5 that Cat A is a very light anomaly (only 11 edges) whose core is a very well-connected path. Path scanning detected the anomaly on the first window, but stars had a non- trivial time to first detection, as seen in Figure 3.6. While the AEF value was fairly low using paths, on average nearly the entire anomaly was detected. The star scan, on the other hand, consistently detected only one of the three stars in the caterpillar. The other two stars, and core path edges, were not detected at all by the star scan. Copyright © 2014. Imperial College Press. All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
Image of page 94
Image of page 95
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern