Taylor & Francis
School of Science
Australian Government's Cooperative Research Centres Programme
Anomaly detection in the scope of network security aims to identify network instances for the unexpected and unique, with various security operations employing such techniques to facilitate effective threat detection. However, many systems have been designed based on the absolute mapping of attacks to one of three anomaly types (i.e. point, collective, or contextual), a strategy not supported by the recent findings of hybrid anomaly classifications. Given the growing usage of network anomaly detection and the implications of hybrid anomalies, we propose several heterogeneous anomaly types and provide an unsupervised approach for the automated mapping of network threats. Initial findings on publicly available intrusion datasets support the existence of four unique heterogeneous anomaly types, providing unique insight regarding the next generation of network anomaly detection systems.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Riddell, L., Ahmed, M., & Haskell-Dowland, P. (2022). Establishment and mapping of heterogeneous anomalies in network intrusion datasets. Connection Science, 34(1), 2755-2783. https://doi.org/10.1080/09540091.2022.2151568