Affiliation:
1. Computer Science Department, Western Washington University, Bellingham, WA 98225, USA
Abstract
Network anomaly detection solutions can analyze a network’s data volume by protocol over time and can detect many kinds of cyberattacks, such as exfiltration. We use exponential random graph models (ERGMs) to flatten hourly network topological characteristics into a time series, and Autoregressive Moving Average (ARMA) to analyze that time series and detect potential attacks. In particular, we extend our previous method by demonstrating detection not only over hourly data but also through labeling of nodes and over the HTTP protocol. We demonstrate the effectiveness of our method using real-world data to create exfiltration scenarios. We highlight how our method has the potential to provide a useful description of what is happening in the network structure and how this can assist cybersecurity analysts in making better decisions in conjunction with existing intrusion detection systems. Finally, we describe some strengths of our method: its accuracy, given the right selection of parameters, and its low computational requirements.
Subject
General Earth and Planetary Sciences, General Environmental Science
Cited by
1 article.