Techniques to Improve Stable Distribution Modeling of Network Traffic

The stable distribution has been shown to more accurately model some aspects of network traffic than alternative distributions. In this work, we quantitatively examine aspects of the modeling performance of the stable distribution as envisioned in a statistical network cyber event detection system. We examine the flexibility and robustness of the stable distribution, extending previous work by comparing the performance of the stable distribution against alternatives using three different, public network traffic data sets with a mix of traffic rates and cyber events. After showing the stable distribution to be the overall most accurate for the examined scenarios, we use the Hellinger metric to investigate the ability of the stable distribution to reduce modeling error when using small data windows and counting periods. For the selected case and metric, the stable model is compared to a Gaussian model and is shown to produce the best overall fit as well as the best (or at worst, equivalent) fit for all counting periods. Additionally, the best stable fit occurs at a counting period that is five times shorter than the best Gaussian case. These results imply that the stable distribution can provide a more robust and accurate model than Gaussian-based alternatives in statistical network anomaly detection implementations while also facilitating faster system detection and response

Cyber System Assurance through Improved Network Anomaly Modeling and Detection

NPS NRP Executive SummaryCyber System Assurance through Improved Network Anomaly Modeling and DetectionN8 - Integration of Capabilities & ResourcesThis research is supported by funding from the Naval Postgraduate School, Naval Research Program (PE 0605853N/2098). https://nps.edu/nrpChief of Naval Operations (CNO)Approved for public release. Distribution is unlimited.

Cyber System Assurance through Improved Network Anomaly Modeling and Detection

NPS NRP Technical ReportCyber System Assurance through Improved Network Anomaly Modeling and DetectionN8 - Integration of Capabilities & ResourcesThis research is supported by funding from the Naval Postgraduate School, Naval Research Program (PE 0605853N/2098). https://nps.edu/nrpChief of Naval Operations (CNO)Approved for public release. Distribution is unlimited.

Naval Research Program 2019 Annual Report

NPS NRP Annual ReportThe Naval Postgraduate School (NPS) Naval Research Program (NRP) is funded by the Chief of Naval Operations and supports research projects for the Navy and Marine Corps. The NPS NRP serves as a launch-point for new initiatives which posture naval forces to meet current and future operational warfighter challenges. NRP research projects are led by individual research teams that conduct research and through which NPS expertise is developed and maintained. The primary mechanism for obtaining NPS NRP support is through participation at NPS Naval Research Working Group (NRWG) meetings that bring together fleet topic sponsors, NPS faculty members, and students to discuss potential research topics and initiatives.Chief of Naval Operations (CNO)This research is supported by funding from the Naval Postgraduate School, Naval Research Program (PE 0605853N/2098). https://nps.edu/nrpChief of Naval Operations (CNO)Approved for public release. Distribution is unlimited.