This paper uses network packet capture data to demonstrate how Robust
Principal Component Analysis (RPCA) can be used in a new way to detect
anomalies which serve as cyber-network attack indicators. The approach requires
only a few parameters to be learned using partitioned training data and shows
promise of ameliorating the need for an exhaustive set of examples of different
types of network attacks. For Lincoln Lab's DARPA intrusion detection data set,
the method achieves low false-positive rates while maintaining reasonable
true-positive rates on individual packets. In addition, the method correctly
detected packet streams in which an attack which was not previously
encountered, or trained on, appears.
Beschreibung
Robust PCA for Anomaly Detection in Cyber Networks
%0 Generic
%1 paffenroth2018robust
%A Paffenroth, Randy
%A Kay, Kathleen
%A Servi, Les
%D 2018
%K algorithms anomaly-detection pca
%T Robust PCA for Anomaly Detection in Cyber Networks
%U http://arxiv.org/abs/1801.01571
%X This paper uses network packet capture data to demonstrate how Robust
Principal Component Analysis (RPCA) can be used in a new way to detect
anomalies which serve as cyber-network attack indicators. The approach requires
only a few parameters to be learned using partitioned training data and shows
promise of ameliorating the need for an exhaustive set of examples of different
types of network attacks. For Lincoln Lab's DARPA intrusion detection data set,
the method achieves low false-positive rates while maintaining reasonable
true-positive rates on individual packets. In addition, the method correctly
detected packet streams in which an attack which was not previously
encountered, or trained on, appears.
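@comment{
  paffenroth2018robust: arXiv preprint 1801.01571, as given by the entry's url.
  The arXiv identifier is stored in eprint/archiveprefix rather than fused into
  the note field; note keeps only the arXiv comment (page and figure count).
  Per the abstract, results are reported on Lincoln Lab's DARPA intrusion
  detection data set. The fields added-at, biburl, description, interhash,
  intrahash and timestamp are BibSonomy bookkeeping; standard styles ignore them.
  NOTE(review): only the preprint is recorded here. Check whether a
  peer-reviewed version exists before citing.
}
@misc{paffenroth2018robust,
  author        = {Paffenroth, Randy and Kay, Kathleen and Servi, Les},
  title         = {Robust {PCA} for Anomaly Detection in Cyber Networks},
  year          = {2018},
  eprint        = {1801.01571},
  archiveprefix = {arXiv},
  url           = {http://arxiv.org/abs/1801.01571},
  note          = {10 pages, 8 figures},
  keywords      = {algorithms anomaly-detection pca},
  abstract      = {This paper uses network packet capture data to demonstrate how Robust
Principal Component Analysis (RPCA) can be used in a new way to detect
anomalies which serve as cyber-network attack indicators. The approach requires
only a few parameters to be learned using partitioned training data and shows
promise of ameliorating the need for an exhaustive set of examples of different
types of network attacks. For Lincoln Lab's DARPA intrusion detection data set,
the method achieves low false-positive rates while maintaining reasonable
true-positive rates on individual packets. In addition, the method correctly
detected packet streams in which an attack which was not previously
encountered, or trained on, appears.},
  description   = {Robust PCA for Anomaly Detection in Cyber Networks},
  added-at      = {2019-11-14T17:44:09.000+0100},
  timestamp     = {2019-11-14T17:44:09.000+0100},
  biburl        = {https://www.bibsonomy.org/bibtex/2891110bb9ffd5a3db66a312de80c18c2/nonancourt},
  interhash     = {76ac44b08e0b4fe44ed910480576a8e5},
  intrahash     = {891110bb9ffd5a3db66a312de80c18c2},
}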