Performance Analysis of a Graph-based Anomaly Detector and the Zeek Intrusion Detection System

Date

2022-05-16

Authors

Roshandel, Somayeh

Abstract

With the rising number of cyber security attacks and instances of malicious behaviour, organizations across all sectors must mitigate the risk of being targeted by threat actors. Network Intrusion Detection Systems (NIDS) have become an essential part of most organizational security strategies, serving as a protection layer for network infrastructure. In this project, we analyze the performance of a graph-based unsupervised anomaly detection model developed at the Information Security and Object Technology (ISOT) Lab. The evaluation uses CICIDS2017, a large public IDS evaluation dataset, which allowed us to confirm the performance results reported in the original model evaluation, where a different dataset was used. Furthermore, by running the Zeek intrusion detection system (IDS) on CICIDS2017, we were able to compare and contrast the graph-based anomaly detector against Zeek.
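To make the comparison concrete, the following is an added illustration (not the ISOT Lab's model and not code from this project) of the two halves of such an evaluation on the Zeek side: parsing Zeek's ASCII conn.log using its `#fields` header, turning connections into a host-to-(responder, port) graph, and scoring each source host's fan-out with a robust modified z-score. The conn.log excerpt is constructed for this example with a subset of Zeek's real field list; it is not CICIDS2017 data, and the 3.5 threshold is the conventional Iglewicz-Hoaglin cut-off, an assumption rather than anything the thesis specifies.

```python
"""Toy host-graph anomaly scorer over a Zeek conn.log (illustrative, not the ISOT model)."""
from collections import defaultdict
from statistics import median

# Constructed Zeek conn.log excerpt using a subset of the real conn.log fields.
# Four ordinary clients talk to one or a few services; one host (192.168.10.8)
# probes eight ports on a single server and gets no reply (conn_state S0).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring",
    "1499256000.1\tCa1\t192.168.10.5\t51000\t192.168.10.50\t80\ttcp\tSF",
    "1499256001.2\tCa2\t192.168.10.5\t51001\t192.168.10.51\t443\ttcp\tSF",
    "1499256002.3\tCb1\t192.168.10.6\t51002\t192.168.10.50\t80\ttcp\tSF",
    "1499256003.4\tCb2\t192.168.10.6\t51003\t192.168.10.51\t443\ttcp\tSF",
    "1499256004.5\tCb3\t192.168.10.6\t51004\t192.168.10.52\t53\tudp\tSF",
    "1499256005.6\tCc1\t192.168.10.7\t51005\t192.168.10.50\t80\ttcp\tSF",
    "1499256006.7\tCd1\t192.168.10.9\t51006\t192.168.10.50\t80\ttcp\tSF",
    "1499256007.8\tCd2\t192.168.10.9\t51007\t192.168.10.51\t443\ttcp\tSF",
    *[f"14992560{10 + i}.0\tCs{i}\t192.168.10.8\t{52000 + i}\t192.168.10.50\t{p}\ttcp\tS0"
      for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443])],
    "#close\t2017-07-05-09-05-00",
])


def parse_zeek_log(text):
    """Parse a Zeek ASCII TSV log. Column names come from the #fields header line;
    other '#' lines (separator, path, types, close) are metadata and are skipped."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            values = line.split("\t")
            if fields is None or len(values) != len(fields):
                raise ValueError("record without a matching #fields header: %r" % line)
            records.append(dict(zip(fields, values)))
    return records


def build_host_graph(records):
    """Directed graph: originating host -> set of (responder host, responder port) edges.
    Repeated connections to the same service collapse into one edge."""
    graph = defaultdict(set)
    for r in records:
        graph[r["id.orig_h"]].add((r["id.resp_h"], int(r["id.resp_p"])))
    return graph


def failed_ratio(records):
    """Per originating host, the fraction of connections Zeek marked S0 (SYN, no reply)."""
    total, failed = defaultdict(int), defaultdict(int)
    for r in records:
        total[r["id.orig_h"]] += 1
        if r["conn_state"] == "S0":
            failed[r["id.orig_h"]] += 1
    return {h: failed[h] / total[h] for h in total}


def modified_z_scores(values):
    """Iglewicz-Hoaglin modified z-score: 0.6745 * (x - median) / MAD.
    Median and MAD are used instead of mean and stddev so that the outlier
    being looked for does not inflate the spread it is measured against."""
    med = median(values.values())
    mad = median(abs(v - med) for v in values.values())
    scores = {}
    for host, v in values.items():
        if mad == 0:
            # Degenerate spread (most hosts identical): any deviation is extreme.
            scores[host] = 0.0 if v == med else float("inf")
        else:
            scores[host] = 0.6745 * (v - med) / mad
    return scores


def score_hosts(conn_log_text, threshold=3.5):
    """Score every originating host by graph fan-out; flag those above the threshold."""
    records = parse_zeek_log(conn_log_text)
    fanout = {h: len(edges) for h, edges in build_host_graph(records).items()}
    z = modified_z_scores(fanout)
    s0 = failed_ratio(records)
    return {h: {"fanout": fanout[h], "z": z[h], "s0_ratio": s0[h],
                "anomalous": z[h] > threshold} for h in fanout}


if __name__ == "__main__":
    for host, info in sorted(score_hosts(SAMPLE_CONN_LOG).items()):
        print(host, info)
```

The fan-out scores here are 2, 3, 1, 2 for the ordinary clients and 8 for the prober, giving a median of 2 and a MAD of 1, so the prober scores 0.6745 * 6 = 4.047 and is the only host above 3.5. Note that Zeek on its own does not emit a verdict from conn.log; it records the S0 states, and a detection like this (or the scan.log that Zeek's own policy scripts produce) is a separate layer on top, which is the kind of distinction an evaluation against a standalone anomaly detector has to account for.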
