Faculty Advisor

Harrison, Lane T.

Faculty Advisor

Paffenroth, Randy Clinton

Abstract

This MQP presents a novel anomaly detection system for computer network traffic, as well as a visualization system to help users explore the results of the anomaly detection. The detection algorithm uses a novel approach to Robust Principal Component Analysis to produce a lower-dimensional subspace of the original data, to which a random forest can be applied to predict anomalies. The visualization system has been designed to help cyber security analysts sort anomalies by attribute and view them in the context of normal network activity. The system consists of an overview of firewall logs, a detail view of each log, and a feature view where an analyst can see which features of the firewall log were implicated in the anomaly detection algorithm.

Publisher

Worcester Polytechnic Institute

Date Accepted

April 2017

Major

Computer Science

Major

Mathematical Sciences

Project Type

Major Qualifying Project

Accessibility

Unrestricted

Advisor Department

Computer Science

Advisor Department

Mathematical Sciences
