Summary of State Frequency Estimation For Anomaly Detection, by Clinton Cao and Agathe Blaise and Annibale Panichella and Sicco Verwer
State Frequency Estimation for Anomaly Detection
by Clinton Cao, Agathe Blaise, Annibale Panichella, Sicco Verwer
First submitted to arXiv on: 4 Dec 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary: Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary: A new approach, called SEQUENT, is proposed for detecting anomalies in network traffic, specifically for NetFlows. Unlike previous works that learn from unlabeled data and compute anomaly scores based on likelihood or fit, SEQUENT dynamically adapts its scoring based on the state visit frequency of a state machine. This allows for more effective detection of anomalies, even when an attacker produces common-looking traces to evade detection. The model also generates root causes for anomalies, enabling grouping of alarms and simplified analysis. The performance of SEQUENT is evaluated on three public NetFlow datasets and compared to existing unsupervised anomaly detection methods, showing promising results. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary: Detecting bad things happening in computer networks is important! Researchers have tried different ways to do this, but some attackers are sneaky and make their “bad” actions look normal. The new way called SEQUENT helps fix this by changing how it looks at the network data as it’s being used. It also finds the reasons why something bad happened, making it easier to stop the problem from happening again. This new method was tested on some real network data and did better than other ways of doing things. |
Keywords
- Artificial intelligence
- Anomaly detection
- Likelihood
- Unsupervised