Abstract

Anomaly detection in the scope of network security aims to identify network instances for the unexpected and unique, with various security operations employing such techniques to facilitate effective threat detection. However, many systems have been designed based on the absolute mapping of attacks to one of three anomaly types (i.e. point, collective, or contextual), a strategy not supported by the recent findings of hybrid anomaly classifications. Given the growing usage of network anomaly detection and the implications of hybrid anomalies, we propose several heterogeneous anomaly types and provide an unsupervised approach for the automated mapping of network threats. Initial findings on publicly available intrusion datasets support the existence of four unique heterogeneous anomaly types, providing unique insight regarding the next generation of network anomaly detection systems.

RAS ID

52973

Document Type

Journal Article

Date of Publication

12-10-2022

Volume

34

Issue

1

Funding Information

Australian Government's Cooperative Research Centres Programme

School

School of Science

Creative Commons License

Creative Commons Attribution 4.0 License
This work is licensed under a Creative Commons Attribution 4.0 License.

Publisher

Taylor & Francis

Comments

Riddell, L., Ahmed, M., & Haskell-Dowland, P. (2022). Establishment and mapping of heterogeneous anomalies in network intrusion datasets. Connection Science, 34(1), 2755-2783. https://doi.org/10.1080/09540091.2022.2151568

Link to publisher version (DOI)

10.1080/09540091.2022.2151568