AI Article Synopsis
- The authors propose a new real-time method for detecting unusual activity in large, sparse networks by using a dynamic logistic model that incorporates various factors influencing sender and receiver behaviors.
- They utilize a variational Bayesian approach to estimate hidden attributes for nodes, allowing these attributes to shift over time to reflect changes in network activity.
- Their algorithm, tested on a network of over 25,000 computers, successfully identifies a red team attack with a detection rate significantly better than previous models without these latent factors.
Article Abstract
We develop a real-time anomaly detection method for directed activity on large, sparse networks. We model the propensity for future activity using a dynamic logistic model with interaction terms for sender- and receiver-specific latent factors in addition to sender- and receiver-specific popularity scores; deviations from this underlying model constitute potential anomalies. Latent nodal attributes are estimated via a variational Bayesian approach and may change over time, representing natural shifts in network activity. Estimation is augmented with a case-control approximation to take advantage of the sparsity of the network and reduces computational complexity from ( ) to (), where is the number of nodes and is the number of observed edges. We run our algorithm on network event records collected from an enterprise network of over 25,000 computers and are able to identify a red team attack with half the detection rate required of the model without latent interaction terms.
Download full-text PDF |
Source |
|---|---|
| http://www.ncbi.nlm.nih.gov/pmc/articles/PMC11534301 | PMC |
| http://dx.doi.org/10.1080/00401706.2021.1952900 | DOI Listing |
Publication Analysis
Top Keywords
Similar Publications
Want AI Summaries of new PubMed Abstracts delivered to your In-box?
Enter search terms and have AI summaries delivered each week - change queries or unsubscribe any time!