This MQP presents a novel anomaly detection system for computer network traffic, as well as a visualization system to help users explore the results of the anomaly detection. The detection algorithm uses a novel approach to Robust Principal Component Analysis, to produce a lower dimensional subspace of the original data, for which a random forest can be applied to predict anomalies. The visualization system has been designed to help cyber security analysts sort anomalies by attribute and view them in the context of normal network activity. The system consists of an overview of firewall logs, a detail view of each log, and a feature view where an analyst can see which features of the firewall log were implicated in the anomaly detection algorithm.

• This report represents the work of one or more WPI undergraduate students submitted to the faculty as evidence of completion of a degree requirement. WPI routinely publishes these reports on its website without editorial or peer review.

Creator

• Flores-Huerta, Heric
• Litch, Cassidy
• Link, Jacob Steven

Publisher

• Worcester Polytechnic Institute

Identifier

• E-project-042717-154106

Advisor

• Harrison, Lane T.
• Paffenroth, Randy Clinton

Year

• 2017

Date created

• 2017-04-27

Resource type

• Major Qualifying Project

Major

• Computer Science

Rights statement

• In Copyright

最新修改

• 2021-02-01