Dissertation/Thesis Abstract

Cyber Incident Anomaly Detection Using Multivariate Analysis and Machine Learning
by Campbell, Ronald K., D.Engr., The George Washington University, 2018, 121; 10784357
Abstract (Summary)

The proliferation of computer devices and their interconnections has changed the way people communicate. Devices that include smartphones, home appliances, televisions, home automation devices, medical devices, and automobiles are now interconnected through home networks and private networks which are in turn connected to the internet. Terms such as “smart homes” and “smart cities” connote an environment where devices are interconnected with online data sources to provide enhanced products and services. This widespread use of computing devices and computer networks raises concerns for computer security professionals because each device represents an access point to a computer network and thus an opportunity for a cyber adversary to gain access and pose a security threat to networked devices, computer systems, and the associated networks. Cyber defense tactics must include methods to keep intruders out of the network as well as methods to detect and defend a computer system once an adversary has gained access. This study addresses that concern by providing a method to continuously monitor the system behavior of network devices. Traditional health and status monitoring techniques collect data from the monitored devices and perform the analysis centrally within the enterprise network. This study instead proposes using the inherent processing capabilities of the network endpoints to perform security surveillance at the network edge, with the aim of minimizing unauthorized access, preventing the installation of malware, and reducing the risk of the endpoints being used as a mechanism to attack the enterprise systems.

After a general discussion of security systems engineering, cybersecurity situational awareness, and anomaly detection, the study discusses and evaluates three methods for anomaly detection. Principal component analysis (PCA) is introduced as a statistical approach for anomaly detection. Two machine learning methods, support vector machines (SVM) and neural networks (NN), are also used to evaluate their effectiveness in performing anomaly detection. Although the analysis is limited to two publicly available data sets, the results indicate that SVM and NN are effective in detecting phishing websites, with a detection accuracy greater than 92%. The PCA detection method exhibited a high rate of false positive detections. Consequently, SVM and NN outperformed PCA for anomaly detection in this study.
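
The abstract names PCA as the statistical anomaly detector but does not spell out the mechanism, so the following is an added illustration (not the dissertation's code, and not run on its data sets): normal samples are assumed to lie near a low-dimensional subspace, the retained principal components define that subspace, and a sample whose distance from it (reconstruction error) exceeds a threshold taken from a quantile of the training errors is flagged. The class name `PCADetector`, the helper functions, the three-feature telemetry vectors and the seeded random data are all constructed for this example. The `quantile` parameter is the knob that trades detection rate against false positives; lowering it flags more benign points, which is the kind of behaviour the abstract reports for PCA.

```python
"""PCA reconstruction-error anomaly detection in pure Python (added example)."""
import math
import random


def _mean(rows):
    n, d = len(rows), len(rows[0])
    return [sum(r[j] for r in rows) / n for j in range(d)]


def _covariance(rows, mu):
    """Sample covariance matrix of the centred rows."""
    d, n = len(mu), len(rows)
    cov = [[0.0] * d for _ in range(d)]
    for r in rows:
        c = [r[j] - mu[j] for j in range(d)]
        for i in range(d):
            for j in range(d):
                cov[i][j] += c[i] * c[j] / (n - 1)
    return cov


def _top_eigenvector(mat, iters=500):
    """Power iteration: dominant eigenvector of a symmetric PSD matrix."""
    d = len(mat)
    v = [1.0 / math.sqrt(d)] * d
    for _ in range(iters):
        w = [sum(mat[i][j] * v[j] for j in range(d)) for i in range(d)]
        norm = math.sqrt(sum(x * x for x in w))
        if norm == 0.0:
            break
        v = [x / norm for x in w]
    return v


def _deflate(mat, v):
    """Remove the component along v so the next power iteration finds the next eigenvector."""
    d = len(v)
    lam = sum(v[i] * sum(mat[i][j] * v[j] for j in range(d)) for i in range(d))
    return [[mat[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]


class PCADetector:
    """Flags a sample when its distance from the retained PCA subspace exceeds a threshold."""

    def __init__(self, n_components):
        self.k = n_components

    def fit(self, rows, quantile=0.99):
        self.mu = _mean(rows)
        cov = _covariance(rows, self.mu)
        self.components = []
        for _ in range(self.k):
            v = _top_eigenvector(cov)
            self.components.append(v)
            cov = _deflate(cov, v)
        # Threshold = chosen quantile of the training reconstruction errors.
        errs = sorted(self.score(r) for r in rows)
        self.threshold = errs[min(len(errs) - 1, int(quantile * len(errs)))]
        return self

    def score(self, row):
        """Reconstruction error: norm of the part of the centred row outside the subspace."""
        c = [row[j] - self.mu[j] for j in range(len(row))]
        recon = [0.0] * len(c)
        for v in self.components:
            t = sum(c[j] * v[j] for j in range(len(c)))
            for j in range(len(c)):
                recon[j] += t * v[j]
        return math.sqrt(sum((c[j] - recon[j]) ** 2 for j in range(len(c))))

    def predict(self, row):
        return self.score(row) > self.threshold


def make_data(seed=7, n_normal=500, n_anom=50):
    """Constructed telemetry: normal rows co-vary along one direction, anomalies break that correlation."""
    rng = random.Random(seed)
    normal = []
    for _ in range(n_normal):
        t = rng.gauss(0, 1)
        normal.append([t + rng.gauss(0, 0.1), 2 * t + rng.gauss(0, 0.1), -t + rng.gauss(0, 0.1)])
    anom = []
    for _ in range(n_anom):
        t = rng.gauss(0, 1)
        anom.append([t, -2 * t + rng.gauss(0, 0.1), rng.gauss(0, 1)])
    return normal, anom


def evaluate(quantile=0.99):
    """Return (true-positive rate on anomalies, false-positive rate on held-out normal rows)."""
    normal, anom = make_data()
    train, held = normal[:400], normal[400:]
    det = PCADetector(1).fit(train, quantile)
    fp = sum(det.predict(r) for r in held) / len(held)
    tp = sum(det.predict(r) for r in anom) / len(anom)
    return tp, fp


if __name__ == "__main__":
    for q in (0.99, 0.90):
        tp, fp = evaluate(q)
        print(f"quantile={q:.2f}  detection={tp:.2f}  false_positive={fp:.2f}")
```

Running the script shows the trade-off directly: the 0.99 threshold catches nearly all of the constructed anomalies with few false alarms, while lowering the quantile to 0.90 raises the false-positive rate on benign held-out rows roughly tenfold without a corresponding gain in detection, since the threshold is set purely from the distribution of normal residuals and knows nothing about the anomalies.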

Indexing (document details)
Advisor: Islam, Muhammad F.
Committee: Etemadi, Amirhossein, Malalla, Ebrahim, Thompson, James R.
School: The George Washington University
Department: Systems Engineering
School Location: United States -- District of Columbia
Source: DAI-B 79/08(E), Dissertation Abstracts International
Source Type: DISSERTATION
Subjects: Engineering, Systems science, Artificial intelligence
Keywords: Anomaly detection, Neural networks, Principal component analysis, Support vector machine
Publication Number: 10784357
ISBN: 9780355829815
Copyright © 2019 ProQuest LLC. All rights reserved.