Harrison, Lane T.
Paffenroth, Randy Clinton
This MQP presents a novel anomaly detection system for computer network traffic, as well as a visualization system to help users explore the results of the anomaly detection. The detection algorithm uses a novel approach to Robust Principal Component Analysis, to produce a lower dimensional subspace of the original data, for which a random forest can be applied to predict anomalies. The visualization system has been designed to help cyber security analysts sort anomalies by attribute and view them in the context of normal network activity. The system consists of an overview of firewall logs, a detail view of each log, and a feature view where an analyst can see which features of the firewall log were implicated in the anomaly detection algorithm.
Worcester Polytechnic Institute
Major Qualifying Project
All authors have granted to WPI a nonexclusive royalty-free license to distribute copies of the work, subject to other agreements. Copyright is held by the author or authors, with all rights reserved, unless otherwise noted.