Abstract

Techniques are described herein for clustering network hosts based on their network behavior to create groups of hosts that behave similarly. An anomaly detection model trained on a single group of network hosts is more robust to fluctuations of the behavior of individual hosts when compared to the per host models. When comparing to the group all models that are trained using the behavior of all network hosts, finer anomalies (e.g., stealthy data exfiltration) that would otherwise be hidden may be detected by modelling diversely behaving network hosts.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.

Recommended Citation

Grill, Martin; Kopp, Martin; and Kohout, Jan, "TARGETED NETWORK ANOMALY DETECTION", Technical Disclosure Commons, (July 11, 2018)
https://www.tdcommons.org/dpubs_series/1306

Download

COinS

Technical Disclosure Commons

Defensive Publications Series

TARGETED NETWORK ANOMALY DETECTION

Abstract

Creative Commons License

Recommended Citation

Browse

Search

Submit

Additional Information

Technical Disclosure Commons

Defensive Publications Series

TARGETED NETWORK ANOMALY DETECTION

Inventor(s)

Abstract

Creative Commons License

Recommended Citation

Share

Browse

Search

Submit

Additional Information