Anomaly Detection in Network Traffic Security Assurance

Abstract

The paper focuses on a selected element of network security assurance: anomaly detection in network traffic monitoring. The anomaly detection component is developed as part of the Regional Security Operation Center (developed in the RegSOC project) – a local instance of the Security Operational Center (SOC) – to detect incidents or their symptoms in terms of outlier observations in data. The objective of the research is to assess methods and tools that satisfy the requirements of the RegSOC project and to select them for implementation. The paper discusses the role and placement of such tools in the general SOC architecture and the requirements these tools must satisfy in view of the specific RegSOC project needs. Next, a review of available methods and tools is performed to select the most useful ones. Using the selected tool, a general concept of a security analysis component is presented and assessed against the project requirements.

Bialas, A., Michalak, M., & Flisiuk, B. (2020). Anomaly Detection in Network Traffic Security Assurance. In Advances in Intelligent Systems and Computing (Vol. 987, pp. 46–56). Springer Verlag. https://doi.org/10.1007/978-3-030-19501-4_5
