Unsupervised streaming intrusion detection in cyber networks using network curvature
PI: Tyler Mccormick
Sponsor: Unsupervised streaming intrusion detection in cyber networks using network curvature
Amount: $50,366.00
Abstract
In the literature, the vast majority of online unsupervised anomaly detection algorithms for cyber-intrusion detection endeavor to quantify historic features of standard behavior and detect anomalies as observed events with radically different characteristics. Classical approaches compute empirical statistics, while others learn the underlying probability distribution of standard events, either parametrically or non-parametrically. Recent methodologies have used quantile regression, an approach that learns a percentile of univariate data at which a particular observation is seen with a certain probability. All of these methods flag anomalies as outlying events whose measurements exceed a computed discriminator, yet they cannot account for a cyber network's limited and/or highly nuanced history, which renders such approaches infeasible. On the other hand, the advent of highly efficient ML classification algorithms, such as regression trees, quantile regression forests and auto-encoders, has brought increased efforts in the anomaly detection domain. While the unparalleled computational efficacy of such methods provides a favorable justification for their use in real-time applications, label requirements and interpretability issues of the computed metrics have led to their limited adoption in cybersecurity.