2012 MRes projects
Feed icon

SECReT funding opportunities


This year we have a number of scholarships available. All are: More...

Published: Feb 23, 2017 8:36:00 AM

Find a SECReT supervisor
prism apply now

Statistical change point detection of internet traffic

22 March 2013

Alex Gibberd

By any measure, the UK is one of the world’s top internet users. UK dependence on cyberspace is significant and growing; more than 7% of the UK's GDP is generated through on-line activity. Networked systems are increasingly being targeted by sophisticated cyber-criminals and hostile nations. As highlighted by the Defense Select Committee, the threat that these cyber-attackers pose can "evolve at almost unimaginable speed". Since current methods are primarily based on prior knowledge of attack scenarios, these new adaptive (“zero-day”) attacks are very hard to mitigate or even detect.  This project will examine the application of advanced statistical and machine learning ideas to model and detect anomalous computer network activity, which may be relevant for detecting such attacks. Many previous efforts have only considered independent analysis of individual measures of activity. When multivariate analysis is considered it is important to establish and automatically learn the cross correlation structure present under normal operating conditions. However, this is only tractable when appropriate prior knowledge is leveraged. A common strategy in other fields is to assume that the multivariate signal forms certain patterns of clusters. To this end, recent machine learning approaches utilising sparse structure learning through the Lasso, graphical Lasso, and other extensions such as the group Lasso will be considered.  Future research may lead to the extension of this project work, incorporating the above techniques within a context-aware, multi-scale framework for anomaly detection.