Leveraging a Probabilistic PCA Model to Understand the Multivariate Statistical Network Monitoring Framework for Network Security Anomaly Detection

02/02/2023
by Fernando Pérez-Bueno, et al.

Network anomaly detection is a very relevant research area nowadays, especially due to its multiple applications in the field of network security. The surge of new models based on variational autoencoders and generative adversarial networks has motivated a reevaluation of traditional techniques for anomaly detection. It is, however, essential to be able to understand these new models from the perspective of the experience attained from years of evaluating network security data for anomaly detection. In this paper, we revisit anomaly detection techniques based on PCA from a probabilistic generative model point of view, and contribute a mathematical model that relates them. Specifically, we start with the probabilistic PCA model and explain its connection to the Multivariate Statistical Network Monitoring (MSNM) framework. MSNM was recently successfully proposed as a means of incorporating industrial process anomaly detection experience into the field of networking. We have evaluated the mathematical model using two different datasets. The first is a synthetic dataset created to better understand the proposed analysis; the second, UGR'16, is a real-traffic dataset specifically designed for network security anomaly detection. We have drawn conclusions that we consider to be useful when applying generative models to network security detection.
