Anomaly Detection Beyond the Research Setting
An exploration of the use of statistics and machine learning to detect cyber attacks
G.D. Sæmundsson
D. Hadziosmanovic – Mentor
H. Asghari – Mentor
M.J.G. van Eeten – Mentor
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
In this work we approach the problem of deploying anomaly detection techniques to detect cyber attacks in an organisational environment. Anomaly detection has been an active research area for almost three decades and has produced promising results. However, few such systems have been successfully implemented in an operational environment to improve cyber security. Researchers have attempted to identify the reasons for this gap between research results and operational success, and have proposed guidelines for overcoming it. In this work we use these guidelines to structure an exploration of how business organisations approach anomaly detection in practice. We compare the insights from practice with the theory in an effort to better understand the main discrepancies between the two settings.