Anomaly Detection Beyond the Research Setting

An exploration of the use of statistics and machine learning to detect cyber attacks

Master thesis (2015)

Authors

G.D. Sæmundsson

Contributors

D. Hadziosmanovic (mentor)

H. Asghari (mentor)

M.J.G. Van Eeten (mentor)

Programme

SEPAM IA () (TU Delft)

Usability Intrusion detection Cyber security Anomaly detection Organisational challenges

To reference this document use:

http://resolver.tudelft.nl/uuid:8b3cc7b9-e2c0-43c4-92cf-b8bde8cbbedf

More Info

expand_more

Published Date

06-10-2015

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Programme

SEPAM IA

Abstract

In this work we approach the problem of deploying anomaly detection techniques for detecting cyber attacks in an organisational environment. Anomaly detection has been an active research area for almost three decades with promising results. However, few such systems have been successfully im- plemented in an operational environment for improving cyber security. Researchers have attempted to identify the reasons for this gap between research and operational success, and provide guidelines on how to overcome it. In this work we use these guidelines to guide us in the exploration of how business organisations approach anomaly detection. We compare the insights from practice with theory in an effort to better understand the main discrepancies between the two settings.

Files

GD_Saemundsson_ScientificArtic... (pdf)

(pdf | 0.338 Mb)

GD_Saemundsson_Thesis_public_v... (pdf)

(pdf | 1.06 Mb)