Nonparametric Bayesian models for security anomaly detection
Abstract: Avionics systems are growing ever more complex to accommodate the evolving needs of airlines. As such, their attack surface has greatly expanded, and the potential impact of a security incident touching these systems has become a critical concern for the aerospace industry. Countermeasures include defining security perimeters and monitoring network traffic, and in turn inspecting the logs generated by these systems to reveal security incidents and respond to them quickly. However, processing the large volume of system logs to extract valuable information is intractable through conventional means such as manual human investigation or regular expression matching. This thesis tackles the problem of automating anomaly detection on security and functional system logs using advanced machine learning techniques. It investigates new methods to improve on the work done during a previous project at Collins Aerospace on Markov chains and LSTM neural networks. In particular, it evaluates the use of nonparametric Bayesian methods to perform this task, specifically the Hidden Dirichlet Process Hidden Markov Model. A complete log analysis system is proposed based on these models, and their performance is evaluated on real-life datasets using this framework.