Abstract
The paper focuses on a selected element of network security assurance: anomaly detection in network traffic monitoring. The anomaly detection component is developed as part of the Regional Security Operations Center, built in the RegSOC project as a local instance of a Security Operations Center (SOC), to detect incidents or their symptoms in the form of outlier observations in data. The objective of the research is to assess, and select for implementation, methods and tools that satisfy the requirements of the RegSOC project. The paper discusses the role and placement of such tools in the general SOC architecture and the requirements these tools have to satisfy in view of the specific needs of the RegSOC project. Next, a review of available methods and tools is performed to select the most useful ones. Using the selected tool, a general concept of a security analysis component is presented and assessed against the project requirements.
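The abstract describes detecting incidents as outlier observations in traffic data without showing what such a detector looks like. The following is an added example, written for this page and not code from the paper or the RegSOC component, of one classic distance-based approach, the k-th nearest neighbour outlier score (distance from a point to its k-th nearest neighbour, as in Ramaswamy et al., 2000). The per-host feature set (bytes sent, connection count, distinct destination ports), the sample window and the median-multiple threshold are all assumptions chosen for illustration; a real deployment would derive features from the collected logs and tune the threshold against observed traffic.

```python
import math
import statistics
from typing import Dict, List, Tuple

Features = Tuple[float, ...]

# Constructed sample (not real traffic): one monitoring window summarised per
# source host as (bytes sent, connection count, distinct destination ports).
SAMPLE_WINDOW: Dict[str, Features] = {
    "10.0.0.11": (1.2e6, 40, 5),
    "10.0.0.12": (0.9e6, 35, 4),
    "10.0.0.13": (1.5e6, 52, 6),
    "10.0.0.14": (1.1e6, 44, 5),
    "10.0.0.15": (1.3e6, 38, 4),
    "10.0.0.16": (1.0e6, 47, 7),
    "10.0.0.17": (0.8e6, 30, 3),
    "10.0.0.18": (1.4e6, 49, 6),
    "10.0.0.19": (9.5e6, 620, 180),  # constructed outlier: many ports, many flows
}


def zscore_normalize(points: Dict[str, Features]) -> Dict[str, Features]:
    """Scale every feature to zero mean and unit variance so that the largest
    raw feature (bytes) does not dominate the Euclidean distance."""
    hosts = list(points)
    n_features = len(next(iter(points.values())))
    columns = [[points[h][i] for h in hosts] for i in range(n_features)]
    means = [statistics.fmean(c) for c in columns]
    stds = [statistics.pstdev(c) or 1.0 for c in columns]  # constant column: leave as-is
    return {
        h: tuple((points[h][i] - means[i]) / stds[i] for i in range(n_features))
        for h in hosts
    }


def euclidean(a: Features, b: Features) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def knn_outlier_scores(points: Dict[str, Features], k: int = 3) -> Dict[str, float]:
    """Outlier score of each host = distance to its k-th nearest other host
    (Ramaswamy et al., 2000). Larger score means more isolated."""
    if k >= len(points):
        raise ValueError("k must be smaller than the number of observations")
    scaled = zscore_normalize(points)
    scores: Dict[str, float] = {}
    for host, p in scaled.items():
        dists = sorted(euclidean(p, q) for other, q in scaled.items() if other != host)
        scores[host] = dists[k - 1]
    return scores


def top_n_outliers(scores: Dict[str, float], n: int = 1) -> List[Tuple[str, float]]:
    """Rank hosts by score and return the n most isolated ones."""
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)[:n]


def flag_outliers(scores: Dict[str, float], factor: float = 5.0) -> List[str]:
    """Flag hosts whose score exceeds `factor` times the median score.
    The multiplier is an assumed operating threshold, not a value from the paper;
    a median-based rule is used because the median itself is not pulled up by
    the outliers it is meant to expose."""
    threshold = factor * statistics.median(scores.values())
    return sorted(h for h, s in scores.items() if s > threshold)


if __name__ == "__main__":
    scores = knn_outlier_scores(SAMPLE_WINDOW, k=3)
    for host, score in top_n_outliers(scores, n=3):
        print(f"{host}: kNN outlier score {score:.2f}")
    print("flagged:", flag_outliers(scores))
```

In an ELK-style pipeline such as the Logstash-based one the paper reviews, the input dictionary would be filled from aggregated flow records for each time window, and the flagged hosts would be emitted as alerts for SOC analysts; the ranking function is what an analyst would use to triage the window, while the threshold function is what an automated detector would use to decide whether to raise an incident at all.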
Acknowledgements
RegSOC – Regional Center for Cybersecurity. The project is financed by the Polish National Centre for Research and Development as part of the second CyberSecIdent – Cybersecurity and e-Identity competition (agreement number: CYBERSECIDENT/381690/II/NCBR/2018).
Copyright information
© 2020 Springer Nature Switzerland AG
Cite this paper
Bialas, A., Michalak, M., Flisiuk, B. (2020). Anomaly Detection in Network Traffic Security Assurance. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Engineering in Dependability of Computer Systems and Networks. DepCoS-RELCOMEX 2019. Advances in Intelligent Systems and Computing, vol 987. Springer, Cham. https://doi.org/10.1007/978-3-030-19501-4_5
DOI: https://doi.org/10.1007/978-3-030-19501-4_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-19500-7
Online ISBN: 978-3-030-19501-4
eBook Packages: Intelligent Technologies and Robotics (R0)