General-purpose Unsupervised Cyber Anomaly Detection via Non-negative Tensor Factorization-Reference-Cited by-同舟云学术

General-purpose Unsupervised Cyber Anomaly Detection via Non-negative Tensor Factorization

Published:2023-03-07 Issue:1 Volume:4 Page:1-28
ISSN:2692-1626
Container-title:Digital Threats: Research and Practice
language:en
Short-container-title:Digital Threats

Author:

Eren Maksim E.¹^ORCID,Moore Juston S.¹^ORCID,Skau Erik²^ORCID,Moore Elisabeth²^ORCID,Bhattarai Manish³^ORCID,Chennupati Gopinath⁴^ORCID,Alexandrov Boian S.³^ORCID

Affiliation:

1. Advanced Research in Cyber Systems, Los Alamos National Laboratory, USA

2. Information Sciences, Los Alamos National Laboratory, USA

3. Theoretical Division, Los Alamos National Laboratory, USA

4. Alexa, Amazon, USA

Abstract

Distinguishing malicious anomalous activities from unusual but benign activities is a fundamental challenge for cyber defenders. Prior studies have shown that statistical user behavior analysis yields accurate detections by learning behavior profiles from observed user activity. These unsupervised models are able to generalize to unseen types of attacks by detecting deviations from normal behavior without knowledge of specific attack signatures. However, approaches proposed to date based on probabilistic matrix factorization are limited by the information conveyed in a two-dimensional space. Non-negative tensor factorization, however, is a powerful unsupervised machine learning method that naturally models multi-dimensional data, capturing complex and multi-faceted details of behavior profiles. Our new unsupervised statistical anomaly detection methodology matches or surpasses state-of-the-art supervised learning baselines across several challenging and diverse cyber application areas, including detection of compromised user credentials, botnets, spam e-mails, and fraudulent credit card transactions.

Funder

Information Science and Technology Institute at Los Alamos National Laboratory (LANL) through its Cyber Research school, by the Laboratory Directed Research and Development program of LANL

LANL Institutional Computing Program

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Computer Science Applications,Hardware and Architecture,Safety Research,Information Systems,Software

Link

https://dl.acm.org/doi/pdf/10.1145/3519602

Reference65 articles.

1. 2019. Cost of a Data Breach Report . Technical Report. IBM. Retrieved from https://www.accenture.com/_acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf.

2. 2019. Insider Threat Report . Technical Report. Verizon. 71 pages. Retrieved from https://enterprise.verizon.com/resources/reports/insider-threat-report/.

3. 2020. Cyber Espionage Report . Technical Report. Verizon. Retrieved from https://www.verizon.com/business/resources/reports/cyber-espionage-report/.

4. 2020. Data Breach Investigations Report 2020 . Technical Report. Verizon. Retrieved from https://enterprise.verizon.com/resources/reports/dbir/.

5. 2020. Mandiant Security Effectiveness Report . Technical Report. FireEye. Retrieved from https://www.accenture.com/_acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf.

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Electrical Grid Anomaly Detection via Tensor Decomposition;MILCOM 2023 - 2023 IEEE Military Communications Conference (MILCOM);2023-10-30

2. Distributed out-of-memory NMF on CPU/GPU architectures;The Journal of Supercomputing;2023-09-08

3. User Behavior Analysis for Detecting Compromised User Accounts: A Review Paper;Cybernetics and Information Technologies;2023-09-01