2012 MRes projects
Find a SECReT supervisor
Information for overseas students
View SECReT animation
Download SECReT brochure

Statistical change point detection of internet traffic

22 March 2013


Alex Gibberd

By any measure, the UK is one of the world’s top internet users. UK dependence on cyberspace is significant and growing; more than 7% of the UK's GDP is generated through on-line activity. Networked systems are increasingly being targeted by sophisticated cyber-criminals and hostile nations. As highlighted by the Defense Select Committee, the threat that these cyber-attackers pose can "evolve at almost unimaginable speed". Since current methods are primarily based on prior knowledge of attack scenarios, these new adaptive (“zero-day”) attacks are very hard to mitigate or even detect.  This project will examine the application of advanced statistical and machine learning ideas to model and detect anomalous computer network activity, which may be relevant for detecting such attacks. Many previous efforts have only considered independent analysis of individual measures of activity. When multivariate analysis is considered it is important to establish and automatically learn the cross correlation structure present under normal operating conditions. However, this is only tractable when appropriate prior knowledge is leveraged. A common strategy in other fields is to assume that the multivariate signal forms certain patterns of clusters. To this end, recent machine learning approaches utilising sparse structure learning through the Lasso, graphical Lasso, and other extensions such as the group Lasso will be considered.  Future research may lead to the extension of this project work, incorporating the above techniques within a context-aware, multi-scale framework for anomaly detection.