Cyber anomaly detection: Using tabulated vectors and embedded analytics for efficient data mining. Issue 4 (December 2018)
- Record Type:
- Journal Article
- Title:
- Cyber anomaly detection: Using tabulated vectors and embedded analytics for efficient data mining. Issue 4 (December 2018)
- Main Title:
- Cyber anomaly detection: Using tabulated vectors and embedded analytics for efficient data mining
- Authors:
- Gutierrez, Robert J
Bauer, Kenneth W
Boehmke, Bradley C
Saie, Cade M
Bihl, Trevor J
- Abstract:
- Firewalls, especially at large organizations, process high velocity internet traffic and flag suspicious events and activities. Flagged events can be benign, such as misconfigured routers, or malignant, such as a hacker trying to gain access to a specific computer. Confounding this is that flagged events are not always obvious in their danger and the high velocity nature of the problem. Current work in firewall log analysis is manually intensive and involves manpower hours to find events to investigate. This is predominantly achieved by manually sorting firewall and intrusion detection/prevention system log data. This work aims to improve the ability of analysts to find events for cyber forensics analysis. A tabulated vector approach is proposed to create meaningful state vectors from time-oriented blocks. Multivariate and graphical analysis is then used to analyze state vectors in a human–machine collaborative interface. Statistical tools, such as the Mahalanobis distance, factor analysis, and histogram matrices, are employed for outlier detection. This research also introduces the breakdown distance heuristic as a decomposition of the Mahalanobis distance, indicating which variables contributed most to its value. This work further explores the application of the tabulated vector approach methodology on collected firewall logs. Lastly, the analytic methodologies employed are integrated into embedded analytic tools so that cyber analysts on the front line can efficiently deploy the anomaly detection capabilities.
- Is Part Of:
- Journal of algorithms & computational technology. Volume 12:Issue 4(2018)
- Journal:
- Journal of algorithms & computational technology
- Issue:
- Volume 12:Issue 4(2018)
- Issue Display:
- Volume 12, Issue 4 (2018)
- Year:
- 2018
- Volume:
- 12
- Issue:
- 4
- Issue Sort Value:
- 2018-0012-0004-0000
- Page Start:
- 293
- Page End:
- 310
- Publication Date:
- 2018-12
- Subjects:
- Anomaly detection -- digital forensics -- Mahalanobis distance -- tabulated vectors
Computer algorithms -- Periodicals
Numerical calculations -- Periodicals
Computer algorithms
Numerical calculations
Periodicals
518.1
- Journal URLs:
- http://act.sagepub.com/
http://www.ingentaconnect.com/content/mscp/jact
http://www.multi-science.co.uk/
- DOI:
- 10.1177/1748301818791503
- Languages:
- English
- ISSNs:
- 1748-3018
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 8934.xml