Abstract
The activity and event network (AEN) is a new knowledge graph used to build and maintain a model of a whole monitored network and of the relationships between its entities as they change over time. In this paper, we show how the AEN graph model can be used for threat identification by introducing an unsupervised anomaly detection model that leverages the probabilistic characteristics of the graph together with the bits of meta rarity metric. A series of statistical features and their underlying distributions are computed from the graphical model of network activity and events. The anomaly score of an event is obtained by applying the bits of meta rarity to this feature model and its distributions. Experimental evaluation is conducted on a public cloud-based IDS dataset, yielding encouraging performance results.
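The scoring step described above, as an added example that is not the paper's code: the bits of meta rarity of Ferragut et al. (2012), the negative log2 of the probability that a random draw is at most as likely as the observed value, computed over constructed empirical distributions of two event features. Summing bits across features (independence) and flooring the tail mass for never-seen values are assumptions of this example, not of the paper.

```python
import math
from collections import Counter

# Constructed sample features for 100 observed connection events
# (not data from the paper): destination port and transport protocol.
PORT_OBS = ["443"] * 60 + ["80"] * 30 + ["22"] * 8 + ["3389"] * 2
PROTO_OBS = ["tcp"] * 90 + ["udp"] * 9 + ["icmp"] * 1


def empirical_distribution(observations):
    """Estimate p(x) for each feature value from its relative frequency."""
    n = len(observations)
    return {v: c / n for v, c in Counter(observations).items()}


def bits_of_meta_rarity(dist, value, eps=1e-12):
    """Meta-rarity score in bits: -log2 of the probability that a random
    draw from `dist` is at most as likely as the observed `value`.
    Frequent values score ~0. A value never seen has p(x)=0, so its tail
    mass is 0; it is floored at `eps` to keep the score finite (assumed)."""
    p_x = dist.get(value, 0.0)
    tail = sum(p for p in dist.values() if p <= p_x)
    return -math.log2(max(tail, eps))


def score_event(feature_dists, event):
    """Total score of one event across features. Assumes the features are
    independent, so their bits add (an assumption of this example)."""
    return sum(bits_of_meta_rarity(d, event[f]) for f, d in feature_dists.items())


def flag_anomalies(feature_dists, events, threshold_bits):
    """Return (event, score) pairs whose score exceeds the threshold."""
    scored = [(e, score_event(feature_dists, e)) for e in events]
    return [(e, s) for e, s in scored if s > threshold_bits]


PORT_DIST = empirical_distribution(PORT_OBS)
PROTO_DIST = empirical_distribution(PROTO_OBS)
FEATURE_DISTS = {"dport": PORT_DIST, "proto": PROTO_DIST}

if __name__ == "__main__":
    events = [
        {"dport": "443", "proto": "tcp"},    # common on both features: ~0 bits
        {"dport": "3389", "proto": "icmp"},  # rare on both features
        {"dport": "23", "proto": "tcp"},     # never-seen port: floored tail
    ]
    for e, s in flag_anomalies(FEATURE_DISTS, events, threshold_bits=8.0):
        print(f"{e} -> {s:.2f} bits")
```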
© 2022 Springer Nature Switzerland AG
Quinan, P.G., Traore, I., Gondhi, U.R., Woungang, I. (2022). Unsupervised Anomaly Detection Using a New Knowledge Graph Model for Network Activity and Events. In: Renault, É., Boumerdassi, S., Mühlethaler, P. (eds) Machine Learning for Networking. MLN 2021. Lecture Notes in Computer Science, vol 13175. Springer, Cham. https://doi.org/10.1007/978-3-030-98978-1_8
DOI: https://doi.org/10.1007/978-3-030-98978-1_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-98977-4
Online ISBN: 978-3-030-98978-1
eBook Packages: Computer Science, Computer Science (R0)