Title: Bayesian new edge prediction and anomaly detection in large computer networks
Authors: Silvia Metelli - Imperial College London & The Alan Turing Institute (United Kingdom) [presenting]
Nicholas Heard - Imperial College London (United Kingdom)
Abstract: Statistical anomaly detection searches for outlying behaviour in a network with respect to a putative normal background. It is therefore fundamental to build robust models describing the normal network background. This task becomes particularly challenging in cyber security applications, which require prompt evaluation on large sets of data. We will introduce a robust Bayesian model and anomaly detection method for simultaneously characterising network structure and modelling likely new edge formation in a large computer network graph. New edges represent connections between a client and server pair not previously observed, and can provide valuable evidence of anomalous activity. What constitutes normal behaviour for some hosts might be very unusual for others, and thus examining existing network structure (e.g. clusters of similar clients and servers) is key for accurately predicting likely future interactions. For this purpose, a notion of similarity between clients and servers is developed, first under hard-thresholding with a clustering model, and then extended to soft-thresholding in a flexible latent feature space. The model is then used to construct an anomaly detection method, which successfully identifies some of the machines known to be compromised when demonstrated on real computer network authentication data.
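The idea of scoring new client-server edges against cluster-level behaviour can be illustrated with a small added example, which is not the authors' model or code: it swaps in a simplified Dirichlet-smoothed predictive probability computed from per-cluster edge counts. The cluster labels, the `ALPHA` pseudo-count, the host names and all events are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: (client, server) authentication events from a training window.
TRAIN = [("c1", "mail"), ("c1", "files"), ("c2", "mail"), ("c2", "files"),
         ("c3", "files"), ("c4", "db"), ("c5", "db"), ("c5", "build")]
# Hypothetical hard cluster labels for clients, assumed to be given.
CLUSTER = {"c1": "office", "c2": "office", "c3": "office", "c4": "eng", "c5": "eng"}
ALPHA = 0.5  # assumed Dirichlet pseudo-count per candidate server


def fit(train, cluster):
    """Return the observed edge set, known servers, and per-cluster edge counts."""
    seen = set(train)
    servers = {s for _, s in seen}
    counts = defaultdict(Counter)
    for client, server in seen:  # count distinct edges, not repeat logons
        counts[cluster[client]][server] += 1
    return seen, servers, counts


def new_edge_probability(client, server, model, cluster, alpha=ALPHA):
    """P(next new edge of `client` goes to `server`), given its cluster's history."""
    seen, servers, counts = model
    if (client, server) in seen:
        raise ValueError("edge already observed; not a new edge")
    k = cluster[client]
    # Candidates: every server the client has not used, plus a never-seen target.
    candidates = {s for s in servers if (client, s) not in seen} | {server}
    total = sum(counts[k][s] + alpha for s in candidates)
    return (counts[k][server] + alpha) / total


def rank_new_edges(events, model, cluster):
    """Drop known edges; return (client, server, surprise), most surprising first."""
    seen = model[0]
    scored = [(c, s, -math.log(new_edge_probability(c, s, model, cluster)))
              for c, s in dict.fromkeys(events) if (c, s) not in seen]
    return sorted(scored, key=lambda row: row[2], reverse=True)


MODEL = fit(TRAIN, CLUSTER)
# Constructed test window: one known edge and three new ones.
TEST = [("c1", "mail"), ("c3", "mail"), ("c3", "db"), ("c4", "build")]
if __name__ == "__main__":
    for client, server, surprise in rank_new_edges(TEST, MODEL, CLUSTER):
        print(f"{client} -> {server}: surprise {surprise:.3f}")
```

In this constructed data the office client reaching the database server ranks as most surprising, while the same client's first connection to the mail server, which its cluster peers already use, ranks lowest.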