Anomaly Detection – Unsupervised Approach

Prepare and prevent, they say. In this paper our Data Science Group describes information security risk identification by detecting anomalies, i.e. deviations from the typical pattern of network activity.

As a rule, the problem of detecting anomalies is encountered across different fields of application, including intrusion detection, fraud detection, failure detection, monitoring of system status, event detection in sensor networks, and ecosystem disorder indicators.


These processes may be spotted, for instance, due to the increased activity of certain ports, new unusual services, changes in a user’s work with network resources, etc.

One possible solution to this problem is the development of systems that identify unusual user network behavior, based on analysis of network activity logs. Using data mining techniques, these systems reveal indicative behavior patterns and draw conclusions about behavior that differs from what is considered conventional. The systems may also be self-adaptive, minimizing human involvement in configuring them. Working without taking into account an organization's specifics, such systems are of particular interest to specialists in the field of machine learning and data mining.

In this paper our Data Science Group (DSG) describes information security risk identification by detecting deviations from the typical pattern of network activity.
