Summaries - Office of Research & Innovation
Research Summaries
C-NC3 Detection, Estimation, and Modeling Performance Improvement
Fiscal Year | 2018 |
Division | Graduate School of Engineering & Applied Science |
Department | Electrical & Computer Engineering |
Investigator(s) | Bollmann, Chad A. |
Sponsor | Air Force Global Strike Command (Air Force) |
Summary |
The Gaussian distribution, possessing exponential tails, has been a mainstay of signal processing and anomaly detection applications for many decades. Per the Central Limit Theorem, sufficient sums of finite random variables (RVs) aggregate to a Gaussian RV. However, if the population is instead composed of RVs that possess power-law, or heavy, tails (i.e., are not finite), their sum is described by an α-stable RV. This is the case for most random processes that are the sum of many individual random processes; thus, many aspects of computer network traffic can be more accurately modeled and estimated using α-stable (vice Gaussian) methods. The same modeling and estimation concepts have been applied to improve the detection of anomalies (e.g., cyber attacks) in network traffic. Non-parametric, single-statistic detection implementations have been shown to improve detection accuracy by 3–8% over similar Gaussian methods. Contingency nuclear command, control, and communications (NC3) networks are expected to have many communications anomalies due to a contested, highly-variable environment and intermittent node connectivity. This research intends to refine the modeling, estimation, and detection (MED) techniques developed for computer network anomaly detection and investigate their extension and ability to improve NC3 network MED. |
Keywords | Detection Estimation alpha-stable modeling zero order statistics |
Publications | Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal |