iorewallstar.blogg.se

Finite state automata malware












Abstract: Network anomaly detection for enterprise cyber security is challenging for a number of reasons. Network traffic is voluminous, noisy, and the notion of what traffic should be considered malicious changes over time as new malware appears. To be most useful, an anomaly detection algorithm should be robust in its performance as new types of malware appear: maintaining a low false positive rate but raising alarms at traffic patterns which correspond to malicious behaviour and provide intelligible alarms that present their reasoning to support both the analysis of the alarms and necessary incident response. In this paper we investigate new methods for building anomaly detectors using interpretative behavioural models which, we argue, can capture “normal” behaviours at a suitable level of abstraction to provide robustness, in addition to being inherently intelligible as they are interpretable for the security analyst. Markov Chain model with minimal behavioural structure and a Finite State Automata (FSA) with more structure, and show how these can be learned from normal network traffic alone. Our results show that the FSA performs better than common classifier methods with comparable results to standard Botnet detection methods. The results also indicate that the additional structure in the FSA is important for robustness, although further work (with more data) is needed to fully explore this.













