Machine Learning Techniques for Cybersecurity by unknown


Author: unknown
Language: eng
Format: epub
ISBN: 9783031282591
Publisher: Springer International Publishing


6.2.1.2 Multivariate Time-Series-Based Approaches

A multivariate time series is a series with multiple time-dependent variables. It is useful in anomaly detection (AD) because recent attacks typically proceed in multiple steps to achieve their goals, and time series help reveal the attack context needed to detect anomalies.

MTAD-GAT [255] bases its decisions not only on multiple features but also on their temporal dependencies and the correlations between them. This distinguishes it from approaches that analyze each variable independently. By correlating different features, MTAD-GAT can recognize unexpected but normal patterns, reducing the number of false positives. The rationale is that a sudden change in a single metric does not always indicate an intrusion. For example, the CPU utilization of a server can increase abruptly because of the normal behavior of a particular process. A system that uses only the CPU utilization metric would always raise an alarm, resulting in many false positives. By also considering information about the process at the moment the CPU utilization skyrockets, the system can recognize sudden changes that are normal. To this end, MTAD-GAT introduces a graph attention layer to detect multivariate correlations. With the graph attention layer, MTAD-GAT performs AD through a combination of single-timestamp predictions and reconstruction of the entire time series.
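The CPU example above, as an added illustration that is not MTAD-GAT's code or the book's: a univariate detector on CPU alone is compared with a detector that predicts CPU from a second feature and alerts on the prediction error. A one-variable least-squares fit stands in for the graph attention layer, and the sample data, the threshold and all function names are assumptions made for this example.

```python
import statistics

# Constructed samples (not real telemetry): (cpu_percent, batch_job_running).
TRAIN = [(12, 0), (10, 0), (14, 0), (11, 0), (80, 1), (84, 1),
         (79, 1), (13, 0), (12, 0), (82, 1), (11, 0), (13, 0)]
# Index 2-3: CPU spike explained by the batch job. Index 5: spike with no job.
TEST = [(12, 0), (11, 0), (81, 1), (83, 1), (13, 0), (85, 0), (12, 0)]

Z_THRESHOLD = 3.0  # assumed alert threshold


def univariate_alerts(train, test, z=Z_THRESHOLD):
    """Flag CPU values far from the training median (robust z-score via MAD)."""
    cpu = [c for c, _ in train]
    med = statistics.median(cpu)
    mad = statistics.median(abs(c - med) for c in cpu)
    scale = 1.4826 * mad or 1.0  # MAD scaled like a std dev; guard against zero
    return [i for i, (c, _) in enumerate(test) if abs(c - med) / scale > z]


def fit_cpu_given_job(train):
    """Least-squares fit cpu = a + b * job, plus the spread of the residuals."""
    xs = [j for _, j in train]
    ys = [c for c, _ in train]
    mx, my = statistics.mean(xs), statistics.mean(ys)
    b = (sum((x - mx) * (y - my) for x, y in zip(xs, ys))
         / sum((x - mx) ** 2 for x in xs))
    a = my - b * mx
    resid = [y - (a + b * x) for x, y in zip(xs, ys)]
    return a, b, statistics.stdev(resid)


def multivariate_alerts(train, test, z=Z_THRESHOLD):
    """Flag samples whose CPU is far from what the job state predicts."""
    a, b, sigma = fit_cpu_given_job(train)
    return [i for i, (c, j) in enumerate(test)
            if abs(c - (a + b * j)) / sigma > z]


if __name__ == "__main__":
    print("univariate alerts:  ", univariate_alerts(TRAIN, TEST))
    print("multivariate alerts:", multivariate_alerts(TRAIN, TEST))
```

The univariate detector alerts on every spike, including the two caused by the batch job, while the correlated detector alerts only on the spike that the job state does not explain.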


