Master's thesis presentation
Jerry Liu and Martin Eriksson: Finding a Needle in a Stack of Logs: A survey of network anomaly detection techniques and a proof of concept for an unsupervised model applicable to large data sets
Abstract: Anomaly detection in networks can provide invaluable information to the network administrator or forensic information for network security analysts. We review the viability of a large set of methods for NetFlow anomaly detection using knowledge from statistics, information and graph theory. We assess how well these methods fit our project aim and requirements, such as being able to detect and extract anomalies in a network producing over 100 million flows each day. A method that fits these requirements is selected for further improvements. The method is unsupervised, and relies on pseudo-random projections of the feature space into multiple significantly smaller spaces. The distribution in each space is continuously monitored and any activity that significantly changes these distributions will trigger a detection. We show how this method can be run in real-time with a low false-positive rate and high detection rate.
Supervisor: Rebecka Jörnsten
MV:H11, Hörsalsvägen 1