Internet Archive Scholar

Sequence Aggregation Rules for Anomaly Detection in Computer Network Traffic [article]

Benjamin J. Radford and Bartley D. Richardson and Shawn E. Davis
2018 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (4.9 MB)
https://web.archive.org/web/20200826175314/https://arxiv.org/pdf/1805.03735v2.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Other Versions

2018 pre-print
arXiv:1805.03735v1 fatcat:6jfhfhv3urgpvfi6s2fu7rhv64
We evaluate methods for applying unsupervised anomaly detection to cybersecurity applications on computer network traffic data, or flow. We borrow from the natural language processing literature and conceptualize flow as a sort of "language" spoken between machines. Five sequence aggregation rules are evaluated for their efficacy in flagging multiple attack types in a labeled flow dataset, CICIDS2017. For sequence modeling, we rely on long short-term memory (LSTM) recurrent neural networks
more » ... . Additionally, a simple frequency-based model is described and its performance with respect to attack detection is compared to the LSTM models. We conclude that the frequency-based model tends to perform as well as or better than the LSTM models for the tasks at hand, with a few notable exceptions.
arXiv:1805.03735v2 fatcat:epsjmiyp7zeqzdpq5oik5mpa54
Multiple Versions
Citation

Benjamin J. Radford and Bartley D. Richardson and Shawn E. Davis. "Sequence Aggregation Rules for Anomaly Detection in Computer Network Traffic." arXiv (2018)