Unsupervised Anomaly Detection Using a New Knowledge Graph Model for Network Activity and Events

被引：1

作者：

Quinan, Paulo Gustavo ^{[1
]}

Traore, Issa ^{[1
]}

Gondhi, Ujwal Reddy ^{[1
]}

Woungang, Isaac ^{[2
]}

机构：

[1] Univ Victoria, ECE Dept, Victoria, BC, Canada

[2] Ryerson Univ, Dept Comp Sci, Toronto, ON, Canada

来源：

MACHINE LEARNING FOR NETWORKING, MLN 2021 | 2022年 / 13175卷

关键词：

Anomaly detection; Graph database; Unsupervised machine learning; Intrusion detection system;

D O I：

10.1007/978-3-030-98978-1_8

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

The activity and event network (AEN) is a new knowledge graph used to develop and maintain a model for a whole network under monitoring and the relationships between the different network entities as they change through time. In this paper, we show how the AEN graph model can be used for threat identification by introducing an unsupervised anomaly detection model that leverages the probabilistic characteristics of the graph and the bits of meta rarity metric. A series of statistical features and underlying distributions are computed based on the graphical model of network activity and events. The anomaly scores of events are calculated by applying the bits of meta rarity to the aforementioned feature model and underlying distributions. Experimental evaluation is conducted a public cloud-based IDS yielding encouraging performance results.

引用

页码：117 / 130

页数：14

共 8 条

[1] Hypervisor-based cloud intrusion detection through online multivariate statistical change tracking [J].