Establishment and mapping of heterogeneous anomalies in network intrusion datasets

Authors

Liam Riddell, Edith Cowan UniversityFollow
Mohiuddin Ahmed, Edith Cowan UniversityFollow
Paul Haskell-Dowland, Edith Cowan UniversityFollow

Document Type

Journal Article

Publication Title

Connection Science

Volume

34

Issue

1

First Page

2755

Last Page

2783

Publisher

Taylor & Francis

School

School of Science

RAS ID

52973

Funders

Australian Government's Cooperative Research Centres Programme

Comments

Riddell, L., Ahmed, M., & Haskell-Dowland, P. (2022). Establishment and mapping of heterogeneous anomalies in network intrusion datasets. Connection Science, 34(1), 2755-2783. https://doi.org/10.1080/09540091.2022.2151568

Abstract

Anomaly detection in the scope of network security aims to identify network instances for the unexpected and unique, with various security operations employing such techniques to facilitate effective threat detection. However, many systems have been designed based on the absolute mapping of attacks to one of three anomaly types (i.e. point, collective, or contextual), a strategy not supported by the recent findings of hybrid anomaly classifications. Given the growing usage of network anomaly detection and the implications of hybrid anomalies, we propose several heterogeneous anomaly types and provide an unsupervised approach for the automated mapping of network threats. Initial findings on publicly available intrusion datasets support the existence of four unique heterogeneous anomaly types, providing unique insight regarding the next generation of network anomaly detection systems.

DOI

10.1080/09540091.2022.2151568

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.