Document Type
Journal Article
Publication Title
Connection Science
Volume
34
Issue
1
First Page
2755
Last Page
2783
Publisher
Taylor & Francis
School
School of Science
RAS ID
52973
Funders
Australian Government's Cooperative Research Centres Programme
Abstract
Anomaly detection in the scope of network security aims to identify network instances for the unexpected and unique, with various security operations employing such techniques to facilitate effective threat detection. However, many systems have been designed based on the absolute mapping of attacks to one of three anomaly types (i.e. point, collective, or contextual), a strategy not supported by the recent findings of hybrid anomaly classifications. Given the growing usage of network anomaly detection and the implications of hybrid anomalies, we propose several heterogeneous anomaly types and provide an unsupervised approach for the automated mapping of network threats. Initial findings on publicly available intrusion datasets support the existence of four unique heterogeneous anomaly types, providing unique insight regarding the next generation of network anomaly detection systems.
DOI
10.1080/09540091.2022.2151568
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Comments
Riddell, L., Ahmed, M., & Haskell-Dowland, P. (2022). Establishment and mapping of heterogeneous anomalies in network intrusion datasets. Connection Science, 34(1), 2755-2783. https://doi.org/10.1080/09540091.2022.2151568