Rating the Significance of Detected Network Events

dc.contributor.advisor: Nelson, Richard
dc.contributor.author: Mungro, Meenakshee
dc.date.accessioned: 2014-09-08T04:10:28Z
dc.date.available: 2014-09-08T04:10:28Z
dc.date.issued: 2014
dc.date.updated: 2014-07-13T22:26:19Z
dc.description.abstract: Existing anomaly detection systems do not reliably produce accurate severity ratings for detected network events, which results in network operators wasting a large amount of time and effort in investigating false alarms. This project investigates the use of data fusion to combine evidence from multiple anomaly detection methods to produce a consistent and accurate representation of the severity of a network event. Four new detection methods were added to Netevmon, a network anomaly detection framework, and ground truth was collected from a latency training dataset to calculate the set of probabilities required for each of the five data fusion methods chosen for testing. The evaluation was performed against a second test dataset containing manually assigned severity scores for each event and the significance ratings produced by the fusion methods were compared against the assigned severity score to determine the accuracy of each data fusion method. The results of the evaluation showed that none of the data fusion methods achieved a desirable level of accuracy for practical deployment. However, Dempster-Shafer was the most promising of the fusion methods investigated due to correctly classifying more significant events than the other methods, albeit with a slightly higher false alarm rate. We conclude by suggesting some possible options for improving the accuracy of Dempster-Shafer that could be investigated as part of future work.
dc.format.mimetype: application/pdf
dc.identifier.citation: Mungro, M. (2014). Rating the Significance of Detected Network Events (Thesis, Master of Science (MSc)). University of Waikato, Hamilton, New Zealand. Retrieved from https://hdl.handle.net/10289/8808 [en]
dc.identifier.uri: https://hdl.handle.net/10289/8808
dc.language.iso: en
dc.publisher: University of Waikato
dc.rights: All items in Research Commons are provided for private study and research purposes and are protected by copyright with all rights reserved unless otherwise indicated.
dc.subject: Data fusion
dc.subject: Anomaly detection
dc.subject: Network latency
dc.title: Rating the Significance of Detected Network Events
dc.type: Thesis
pubs.place-of-publication: Hamilton, New Zealand [en_NZ]
thesis.degree.discipline: Computer Science
thesis.degree.grantor: University of Waikato
thesis.degree.level: Masters
thesis.degree.name: Master of Science (MSc)
Files
Original bundle
Name: thesis.pdf
Size: 1.15 MB
Format: Adobe Portable Document Format
License bundle
Name: license.txt
Size: 2.07 KB
Format: Item-specific license agreed upon to submission