TY - GEN
T1 - 2D2N
T2 - 16th IEEE Annual Consumer Communications and Networking Conference, CCNC 2019
AU - Flanagan, Kieran
AU - Fallon, Enda
AU - Jacob, Paul
AU - Awad, Abir
AU - Connolly, Paul
N1 - Publisher Copyright: © 2019 IEEE.
PY - 2019/2/25
Y1 - 2019/2/25
N2 - The detection of new, novel attacks on organizational networks is a problem of ever-increasing relevance in today's society. Research in the area is focused on the detection of 'Zero-Day' and 'Black Swan' events through the use of machine learning technologies. Where previous technologies needed a known example of malicious behavior to detect a similar event, recent advances in anomaly detection on network activity have shown promise of detecting novel attacks. In a real-world environment, however, novel behavior occurs relatively frequently as users utilize new software applications and new standards in networking. Changes such as these, while of notable importance to network security technicians, may not present themselves as an imminent threat to a network. This paper proposes a novel method for the detection and classification of changes in networking behavior. Through the use of a Dynamic Degenerative Neural Network (2D2N), changes in recognizable user activity are dynamically classified and stored for future reference. Through the use of a time-based entropy function, infrequent activity can be analyzed and given precedence over frequent activity. This aids in the classification of abnormal activity for fast, efficient assessment by the relevant persons in an organization. The proposed method enables the detection, classification and scoring of any and all user activity on a network. Evaluation of the proposed method is based upon live data gathered from a large, multinational organization.
AB - The detection of new, novel attacks on organizational networks is a problem of ever-increasing relevance in today's society. Research in the area is focused on the detection of 'Zero-Day' and 'Black Swan' events through the use of machine learning technologies. Where previous technologies needed a known example of malicious behavior to detect a similar event, recent advances in anomaly detection on network activity have shown promise of detecting novel attacks. In a real-world environment, however, novel behavior occurs relatively frequently as users utilize new software applications and new standards in networking. Changes such as these, while of notable importance to network security technicians, may not present themselves as an imminent threat to a network. This paper proposes a novel method for the detection and classification of changes in networking behavior. Through the use of a Dynamic Degenerative Neural Network (2D2N), changes in recognizable user activity are dynamically classified and stored for future reference. Through the use of a time-based entropy function, infrequent activity can be analyzed and given precedence over frequent activity. This aids in the classification of abnormal activity for fast, efficient assessment by the relevant persons in an organization. The proposed method enables the detection, classification and scoring of any and all user activity on a network. Evaluation of the proposed method is based upon live data gathered from a large, multinational organization.
KW - Convolutional Neural Network
KW - Image Change Detection
KW - NetFlow Analysis
KW - Network Security
UR - http://www.scopus.com/inward/record.url?scp=85063423739&partnerID=8YFLogxK
U2 - 10.1109/CCNC.2019.8651695
DO - 10.1109/CCNC.2019.8651695
M3 - Conference contribution
AN - SCOPUS:85063423739
SN - 9781538655535
T3 - 2019 16th IEEE Annual Consumer Communications and Networking Conference, CCNC 2019
BT - 2019 16th IEEE Annual Consumer Communications and Networking Conference, CCNC 2019
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 11 January 2019 through 14 January 2019
ER -