Anomaly Detection Beyond the Research Setting
An exploration of the use of statistics and machine learning to detect cyber attacks
Abstract
In this work we approach the problem of deploying anomaly detection techniques for detecting cyber attacks in an organisational environment. Anomaly detection has been an active research area for almost three decades with promising results. However, few such systems have been successfully implemented in an operational environment for improving cyber security. Researchers have attempted to identify the reasons for this gap between research and operational success, and provide guidelines on how to overcome it. In this work we use these guidelines to guide us in the exploration of how business organisations approach anomaly detection. We compare the insights from practice with theory in an effort to better understand the main discrepancies between the two settings.