Research Summaries

Cyber System Assurance through Improved Network Anomaly Modeling and Detection

Fiscal Year: 2019
Division: Research & Sponsored Programs
Department: NPS Naval Research Program
Investigator(s): Bollmann, Chad A.
Sponsor: NPS Naval Research Program (Navy)

Summary: Applying non-Gaussian (and, specifically, alpha-stable) assumptions in statistical network anomaly detection has been shown to improve network traffic modeling and anomaly detection accuracy by 3-8% over equivalent Gaussian approaches and state-of-the-practice methods. This proposal leverages the PI's previous and continuing research into alpha-stable statistical methods to identify faster and more accurate techniques for computer network defense (CND).

Alpha-stable implementations have the potential to enable more accurate parametric and traffic-adaptive detection systems. The first objective of this proposal is to investigate, refine, and quantify the accuracy improvements of truly adaptive innovations such as sub-window optimization. These results will be used to accomplish our second objective.
Specific questions and milestones include:
- Quantifying the magnitude and consistency of detection accuracy gains from adaptive sub-windows.
- Identifying other traffic features that affect detection accuracy and could enable additional adaptive methods.

The second objective is to develop and refine parametric methods of modeling network traffic and detecting anomalies. We also seek to identify combinations of parameters that may enable classification of an attack in conjunction with detection.
Specific questions and milestones include:
- Identifying optimal parameters and combinations for detecting different types of attacks.
- Quantifying the achievable accuracy and real-time capabilities of parametric detectors.
- Differentiating the impacts of different types of attacks and assessing whether these differences can be used to classify attacks in terms of attack type or intensity.

Deliverables: Project outbrief, detailed report, and code developed as part of the research.