Abstract: Distinguishing malicious anomalous activities from unusual but benign activities is a fundamental challenge for cyber
defenders. Prior studies have shown that statistical user behavior analysis yields accurate detections by learning behavior
profiles from observed user activity. These unsupervised models are able to generalize to unseen types of attacks by detecting
deviations from normal behavior, without knowledge of specific attack signatures. However, approaches proposed to date
based on probabilistic matrix factorization are limited by the information conveyed in a two-dimensional space. Non-negative
tensor factorization, on the other hand, is a powerful unsupervised machine learning method that naturally models
multi-dimensional data, capturing complex and multi-faceted details of behavior profiles. Our new unsupervised statistical anomaly
detection methodology matches or surpasses state-of-the-art supervised learning baselines across several challenging and
diverse cyber application areas, including detection of compromised user credentials, botnets, spam e-mails, and fraudulent
credit card transactions.