Dissertations, Theses, and Capstone Projects
Date of Degree
6-2023
Document Type
Dissertation
Degree Name
Ph.D.
Program
Computer Science
Advisor
Sven Dietrich
Committee Members
Ping Ji
Saptarshi Debroy
Yong Guan
Subject Categories
Artificial Intelligence and Robotics | Information Security | Theory and Algorithms
Keywords
Structural Anomaly, Role Detection, Generative AI, Intrusion Detection
Abstract
As computer systems become more complex and powerful, the threat of sophisticated and persistent computer attacks increases dramatically. Traditional intrusion detection systems that rely on log analysis struggle to keep pace with these evolving threats, as the attack trails are often buried in high-volume and high-velocity legitimate activity in the system. Despite tremendous progress in applying machine learning techniques to anomaly-based intrusion detection, such methods continue to suffer from a high false positive rate due to the diversity and variability of individual behavior.

To address this problem, this thesis proposes a new framework for detecting structural anomalies in computer systems. The framework is based on the hypothesis that an intruder is motivated by the desire to conduct unwanted or malicious behavior that defies the purpose of the system. When a system is designed for specific purposes, the entities in the system act purposely, driven by certain functionalities; interactions among entities are therefore not random, and structures exist. By contrast, malicious behavior will appear out of place with respect to the internal inherited structure a system may have, i.e., as structural anomalies.
The proposed framework aims to detect functional structures and identify anomalies related to inherited system functionalities. System functionalities are captured by entity activities in the system, and entity activities are driven by the roles those entities play. As a key element of the framework, the thesis proposes the System Latent Dirichlet Allocation (SysLDA) approach to detect entity roles, assuming that an entity plays multiple roles and that each role represents a set of activities driven by their designated functionalities. The framework is evaluated on a simulated system, and the results demonstrate its capability to detect structural anomalies. In particular, SysLDA outperforms existing role detection approaches on the simulated system. The thesis also discusses the challenges and opportunities of the proposed approach and highlights its potential for detecting structural anomalies in computer systems. In summary, this work contributes to the field of anomaly-based intrusion detection by proposing a novel approach that detects functional structures and identifies anomalies related to inherited system functionalities.
Recommended Citation
Luo, Shoufu, "Structural Anomaly Detection" (2023). CUNY Academic Works.
https://academicworks.cuny.edu/gc_etds/5402
Included in
Artificial Intelligence and Robotics Commons, Information Security Commons, Theory and Algorithms Commons