This research explores the detection of anomalies across entire networks while comparing them to single-route anomalies. The primary goal is to identify the relationship between anomalies occurring network-wide and their individual routes. The approach entails discovering a scheme to establish this relationship, applying it to relevant routes, and analyzing the results. Utilizing data from the MIT Lincoln Laboratory's intrusion detection datasets, including various network scenarios, the study aims to enhance the understanding of anomalies within network environments. Future work will build upon these analyses.
Multi-Route Anomaly Detection using Principal Component Analysis
Adnan Iqbal
Supervisor: Dr. Waqar Mahmood
The Concept
• The idea is to discover anomalies in the whole network and then compare these network-wide anomalies with single-route anomalies
• To find the relationship between network-wide anomalies and their constituent single-route anomalies
Summary
• Discover a scheme that can be used to relate network-wide anomalies to single-route anomalies
• Implement the scheme
• Perform regularization of data
• Apply the scheme to suitable routes
• Analyze results
• Analysis of data used in anomaly detection
Current Work
• Study of MIT Lincoln Lab intrusion detection data
• The Network
    • Inside (Air Force Base)
    • Outside (Internet)
    • DMZ (Connection)
• Data Sets (98, 99, 2000)
• 2000 data set (scenario based)
    • LLDOS 1.0 - Scenario One
    • LLDOS 2.0.2 - Scenario Two
    • Windows NT Attack Data Set
Inside Hosts Network 3-1
Future Work
• Depends on the outcome of the MIT Lincoln Lab data analysis