Robust PCA for Anomaly Detection in Cyber Networks
About
This paper uses network packet capture data to demonstrate how Robust Principal Component Analysis (RPCA) can be used in a new way to detect anomalies which serve as cyber-network attack indicators. The approach requires only a few parameters to be learned using partitioned training data and shows promise of ameliorating the need for an exhaustive set of examples of different types of network attacks. For Lincoln Lab's DARPA intrusion detection data set, the method achieves low false-positive rates while maintaining reasonable true-positive rates on individual packets. In addition, the method correctly detected packet streams in which an attack which was not previously encountered, or trained on, appears.
Randy Paffenroth, Kathleen Kay, Les Servi• 2018
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Anomaly Detection | SMD | F1 Score19 | 375 | |
| Time Series Anomaly Detection | TSB-AD-M | VUS-PR24 | 83 | |
| Time Series Anomaly Detection | GECCO | VUS-ROC0.37 | 74 | |
| Time Series Anomaly Detection | PSM | Standard-F120 | 38 | |
| Time Series Anomaly Detection | SVDB | AUC-PR7 | 33 | |
| Time Series Anomaly Detection | MITDB | AUC-PR4 | 33 | |
| Time Series Anomaly Detection | Daphnet | AUC-PR7 | 33 | |
| Multivariate Time Series Anomaly Detection | PSM | -- | 28 | |
| Multivariate Time Series Anomaly Detection | Exathlon | VUS-PR0.77 | 27 | |
| Time Series Anomaly Detection | Exathlon | AUC-PR0.8 | 27 |
Showing 10 of 39 rows