Abstract
Anomaly detection in the scope of network security aims to identify network instances for the unexpected and unique, with various security operations employing such techniques to facilitate effective threat detection. However, many systems have been designed based on the absolute mapping of attacks to one of three anomaly types (i.e. point, collective, or contextual), a strategy not supported by the recent findings of hybrid anomaly classifications. Given the growing usage of network anomaly detection and the implications of hybrid anomalies, we propose several heterogeneous anomaly types and provide an unsupervised approach for the automated mapping of network threats. Initial findings on publicly available intrusion datasets support the existence of four unique heterogeneous anomaly types, providing unique insight regarding the next generation of network anomaly detection systems.
RAS ID
52973
Document Type
Journal Article
Date of Publication
12-10-2022
Volume
34
Issue
1
Funding Information
Australian Government's Cooperative Research Centres Programme
School
School of Science
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Publisher
Taylor & Francis
Comments
Riddell, L., Ahmed, M., & Haskell-Dowland, P. (2022). Establishment and mapping of heterogeneous anomalies in network intrusion datasets. Connection Science, 34(1), 2755-2783. https://doi.org/10.1080/09540091.2022.2151568