Search Icon
Register

Evaluating Euler: Experimental Results of Network Anomaly Detection Models

Isaiah J. King (The George Washington University)

Lateral movement is a key stage of system compromise used by advanced persistent threats, and detecting it is no simple task. But when network host logs are abstracted into discrete temporal graphs, the problem can be reframed as anomalous edge detection in an evolving network. We have implemented a formalized approach to this problem with a framework we call Euler. It consists of a model-agnostic graph neural network stacked upon a model-agnostic sequence encoding layer such as a recurrent neural network. In this talk, we will discuss the challenges we faced comparing Euler to other link prediction and anomaly detection models, and how we justified and qualified our conclusions about its effectiveness. We proposed a more precise terminology for temporal link prediction tasks to aid in reproducibility. Assertions about the relative quality of models are backed with inferential statistics, not just performance metrics, ensuring fair comparison. Finally, we discuss the value of various metrics and data sets for anomaly detection in general.

Speaker's biography

Isaiah J. King is a Ph.D. student at the George Washington University School of Engineering and Applied Sciences and an ARCS scholar. His research interests include unsupervised machine learning on graphs, and distributed machine learning, particularly as they apply to intrusion detection systems.

View More Papers

coucouArray ( [post_type] => ndss-paper [post_status] => publish [posts_per_page] => 4 [orderby] => rand [tax_query] => Array ( [0] => Array ( [taxonomy] => category [field] => id [terms] => Array ( [0] => 42 [1] => 55 ) ) ) [post__not_in] => Array ( [0] => 8407 ) )

Taking a Closer Look at the Alexa Skill Ecosystem

Christopher Lentzsch (Ruhr-Universität Bochum), Anupam Das (North Carolina State University)

Read More

SpiralSpy: Exploring a Stealthy and Practical Covert Channel to...

Zhengxiong Li (University at Buffalo, SUNY), Baicheng Chen (University at Buffalo), Xingyu Chen (University at Buffalo), Huining Li (SUNY University at Buffalo), Chenhan Xu (University at Buffalo, SUNY), Feng Lin (Zhejiang University), Chris Xiaoxuan Lu (University of Edinburgh), Kui Ren (Zhejiang University), Wenyao Xu (SUNY Buffalo)

Read More

Chhoyhopper: A Moving Target Defense with IPv6

A S M Rizvi (University of Southern California/Information Sciences Institute) and John Heidemann (University of Southern California/Information Sciences Institute)

Read More

Log4shell: Redefining the Web Attack Surface

Douglas Everson (Clemson University), Long Cheng (Clemson University), and Zhenkai Zhang (Clemson University)

Read More

Privacy Starts with UI: Privacy Patterns and Designer Perspectives in UI/UX Practice

Anxhela Maloku (Technical University of Munich), Alexandra Klymenko (Technical University of Munich), Stephen Meisenbacher (Technical University of Munich), Florian Matthes (Technical University of Munich)

Vision: Profiling Human Attackers: Personality and Behavioral Patterns in Deceptive Multi-Stage CTF Challenges

Khalid Alasiri (School of Computing and Augmented Intelligence Arizona State University), Rakibul Hasan (School of Computing and Augmented Intelligence Arizona State University)

From Underground to Mainstream Marketplaces: Measuring AI-Enabled NSFW Deepfakes on Fiverr

Mohamed Moustafa Dawoud (University of California, Santa Cruz), Alejandro Cuevas (Princeton University), Ram Sundara Raman (University of California, Santa Cruz)