Robust PCA for Anomaly Detection in Cyber Networks
read the original abstract
This paper uses network packet capture data to demonstrate how Robust Principal Component Analysis (RPCA) can be used in a new way to detect anomalies which serve as cyber-network attack indicators. The approach requires only a few parameters to be learned using partitioned training data and shows promise of ameliorating the need for an exhaustive set of examples of different types of network attacks. For Lincoln Lab's DARPA intrusion detection data set, the method achieves low false-positive rates while maintaining reasonable true-positive rates on individual packets. In addition, the method correctly detected packet streams in which an attack which was not previously encountered, or trained on, appears.
This paper has not been read by Pith yet.
Forward citations
Cited by 3 Pith papers
-
ARTA: Adversarial-Robust Multivariate Time--Series Anomaly Detection via Sparsity-Constrained Perturbations
ARTA improves multivariate time-series anomaly detection robustness by jointly training a detector against sparsity-constrained adversarial perturbations generated on-the-fly.
-
PaAno: Patch-Based Representation Learning for Time-Series Anomaly Detection
PaAno uses patch-based 1D CNN embeddings trained with triplet and pretext losses to achieve state-of-the-art time-series anomaly detection on the TSB-AD benchmark for both univariate and multivariate data.
-
Matrix Profile for Anomaly Detection on Multidimensional Time Series
Extending Matrix Profile to multidimensional time series yields the only method among 19 baselines that maintains high anomaly detection performance across unsupervised, supervised, and semi-supervised regimes on 119 ...
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.