EBSCO Publishing : eBook Collection (EBSCOhost) - printed on 2/16/2016 3:37 AM via CGC-GROUP OF COLLEGES (GHARUAN) AN: 779681 ; Heard, Nicholas, Adams, Niall M..; Data Analysis for Network Cyber-security Account: ns224671
Statistical Detection of Intruders Within Computer Networks 95

Fig. 3.6. Caterpillar A time to detection. The x-axis is in minutes from the beginning of the anomaly.

Cat B is a much heavier anomaly, involving every out edge of core Path B, for a total of 174 edges. But Path B is much more lightly connected in the graph, and therefore far fewer paths run through the anomaly than Path A. We might expect path scanning to suffer, as a result. However, path scanning performed even better than it did for Cat A, detecting more truly anomalous edges on average, and fewer falsely detected edges. Fewer false edges can be explained by the fact that fewer paths were inspected, but better detection of the true anomaly has to do with the difference between historic and anomalous parameters on the true anomaly. This is clear from looking at the historic versus anomalous parameter values, but since there were 174 sets of parameters to compare, we omit this analysis.

Next, we will discuss visualizations of the detected graphs. A detection using path scans corresponds to the union of every path that had a p-value smaller than the false discovery rate (FDR) threshold. Paths may overlap on a set of edges, and so for each detected graph we can count the number of times each edge appears in any detected path. This count can then be used to color edges in a heat map of the detection.

A heat map resulting from using a path shape on the anomaly given by Caterpillar A is presented in Figure 3.7. On the left, we see Caterpillar A embedded in its 1-hop containing graph (i.e., all edges emanating from the nodes in the caterpillar). On the right, we see the path-scan heat map of a single detected window. The core path is brightly colored, as these edges were detected very frequently. In addition, while some edges may be dim, for this detection at least, every true anomalous edge is present in this detection graph.
These colors not only give the analyst an ordering of importance of the edges, but also provide an overall view of the structure of the anomaly. It additionally highlights the ability of paths to form more general shapes of detection than just the core shape.

To contrast with the visualization in Figure 3.7, in Figure 3.8 we provide a visualization produced by using a star-shaped window to scan the same Caterpillar A anomaly. One can see that most of the anomalous edges were

Copyright © 2014. Imperial College Press. All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
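The edge-count heat map described above (union of detected paths, then a per-edge count used for coloring) can be sketched as follows. This is an added example, not code from the book: the host names, p-values, threshold value and the treatment of edges as directed pairs are all constructed assumptions.

```python
from collections import Counter

def detection_heat_map(scored_paths, fdr_threshold):
    """Union every path whose p-value is below the threshold and count,
    per directed edge, how many detected paths contain it."""
    counts = Counter()
    for nodes, p_value in scored_paths:
        if p_value < fdr_threshold:
            # A path over nodes (a, b, c) contributes edges (a, b) and (b, c).
            # set() so a path that revisits an edge still counts it once.
            counts.update(set(zip(nodes, nodes[1:])))
    return counts

def rank_edges(counts):
    """Edges ordered hottest first, with the count scaled to (0, 1] so it
    can be mapped directly onto a color ramp."""
    peak = max(counts.values(), default=1)
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(edge, n / peak) for edge, n in ordered]

def coverage(counts, true_edges):
    """Fraction of known anomalous edges that appear in the detected graph,
    however dim they are in the heat map."""
    true_edges = set(true_edges)
    return sum(edge in counts for edge in true_edges) / len(true_edges)

# Constructed sample: (path as a node sequence, p-value) for one time window.
SAMPLE_PATHS = [
    (("h1", "h2", "h3", "h4"), 0.0004),
    (("h2", "h3", "h4", "h5"), 0.0009),
    (("h2", "h3", "h6"), 0.0030),
    (("h7", "h2", "h3"), 0.0100),
    (("h8", "h9", "h10"), 0.4000),  # above the threshold, never enters the union
]
TRUE_EDGES = [("h2", "h3"), ("h3", "h4"), ("h3", "h6")]  # constructed ground truth
FDR_THRESHOLD = 0.05  # assumed value; the text does not give one

if __name__ == "__main__":
    heat = detection_heat_map(SAMPLE_PATHS, FDR_THRESHOLD)
    for edge, intensity in rank_edges(heat):
        print(f"{edge[0]} -> {edge[1]}  count={heat[edge]}  intensity={intensity:.2f}")
    print("true-edge coverage:", coverage(heat, TRUE_EDGES))
```

In the sample, the edge shared by all four detected paths is the brightest, while the true edge `h3 -> h6` is dim yet still present, which is the situation the text describes for Figure 3.7.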