<rdf:RDF xmlns:rdf="http://www.openarchives.org/OAI/2.0/rdf/" xmlns:ow="http://www.ontoweb.org/ontology/1#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ds="http://dspace.org/ds/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:doc="http://www.lyncode.com/xoai" xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/rdf/ http://www.openarchives.org/OAI/2.0/rdf.xsd">
   <ow:Publication rdf:about="oai:digibug.ugr.es:10481/67941">
      <dc:title>Multivariate Statistical Network Monitoring for Network Security based on Principal Component Analysis</dc:title>
      <dc:creator>Fuentes García, Noemí Marta</dc:creator>
      <dc:contributor>Camacho Páez, José</dc:contributor>
      <dc:contributor>Macía Fernández, Gabriel</dc:contributor>
      <dc:contributor>Universidad de Granada. Programa de Doctorado en Tecnologías de la Información y la Comunicación</dc:contributor>
      <dc:subject>Análisis multivariante</dc:subject>
      <dc:subject>Redes de comunicación</dc:subject>
      <dc:subject>Procesos industriales</dc:subject>
      <dc:subject>Análisis de datos</dc:subject>
      <dc:description>Currently we live in hyper-connected world, which is one of the main causes&#xd;
for the fast propagation of Information Technology (IT) Security attacks. An&#xd;
IT Security incident can impact both in the economy and the reputation of&#xd;
the organization that suffers it. Thus, IT Security is a prior concern for any&#xd;
organization. Another important issue related to IT Security threats is that&#xd;
the time required for compromising a network is, on average, in the order&#xd;
of minutes, while the security team may need months to detect an incident&#xd;
after it takes place. This makes it necessary to enhance the mechanisms of&#xd;
intrusion detection to improve the capability of prioritization and classification&#xd;
of IT security alarms. With the appropriate tools, the security team can detect&#xd;
the incidents timely without being overwhelmed by an excessive number of&#xd;
alarms.&#xd;
Network security is of utmost importance within IT Security, and it aims&#xd;
to make the communications infrastructure secure from the point of view of&#xd;
the IT. In general, there are three approaches for network security: prevention,&#xd;
detection and response. These approaches can be combined to achieve a&#xd;
comprehensive security system. A practical combination of the detection and&#xd;
response dimensions is the so-called Network Security Monitoring (NSM),&#xd;
which is an approach that aims to detect the incidents in a network by monitoring&#xd;
the network traffic. NSM is carried out by collecting, combining&#xd;
and analyzing different sources of information, in order to detect and notify&#xd;
intrusions. There are two main techniques for incident detection: Signature&#xd;
based, which allows to detect attacks from previously defined patterns; and&#xd;
Anomaly-based, which allows to detect deviations from the normal behavior&#xd;
in a network, captured in a previously trained model.&#xd;
Multivariate Statistical Network Monitoring (MSNM) is an NSM methodology&#xd;
that follows an anomaly-based detection scheme that extends the&#xd;
Multivariate Statistical Process Control (MSPC) theory, developed in the&#xd;
area of industrial process research. MSPC consists in two phases: phase I,&#xd;
detection of assignable causes of variation in the calibration data that are&#xd;
corrected and eliminated until the process is under Normal Operation Condition&#xd;
(NOC); and phase II, monitoring of new data to detect (and diagnose)&#xd;
anomalies. MSNM applies this philosophy to traffic network data, adding two&#xd;
prior steps: parsing and fusion, which are needed to combine information from&#xd;
different data sources in NSM. MSNM is useful to prioritize and diagnose&#xd;
anomalies, which is congruent with the security team’s workflow.&#xd;
In this PhD, we start from the MSNM methodology and introduce a&#xd;
number of enhancements: i) a pre-processing method to consider the cyclostationarity&#xd;
of the data (e.g. the cycles existing during day and night or weeks&#xd;
and weekends), ii) a methodology for the comparison of diagnosis methods,&#xd;
and iii) a univariate method for diagnosis. Furthermore, the pre-processing and&#xd;
diagnosis methods, as well as some of other existing extensions for MSNM&#xd;
are evaluated and compared with other reference methods using a real network&#xd;
data set for the first time. The application on real network data allows to assess&#xd;
the MSNM extensions under realistic conditions, yielding a more accurate&#xd;
perspective of their performance.&#xd;
This research work shows the existing symbiosis between industrial processes&#xd;
and network security, introducing enhancements that are of interest for&#xd;
both topics and that open new lines of research exploring the synergy between&#xd;
MSPC and MSNM.</dc:description>
      <dc:date>2021-04-14T08:40:39Z</dc:date>
      <dc:date>2021-04-14T08:40:39Z</dc:date>
      <dc:date>2021</dc:date>
      <dc:date>2020-01-17</dc:date>
      <dc:type>info:eu-repo/semantics/doctoralThesis</dc:type>
      <dc:identifier>Fuentes García, Noemí Marta. Multivariate Statistical Network Monitoring for Network Security based on Principal Component Analysis. Granada: Universidad de Granada, 2021. [http://hdl.handle.net/10481/67941]</dc:identifier>
      <dc:identifier>9788413068237</dc:identifier>
      <dc:identifier>http://hdl.handle.net/10481/67941</dc:identifier>
      <dc:language>eng</dc:language>
      <dc:rights>http://creativecommons.org/licenses/by-nc-nd/3.0/es/</dc:rights>
      <dc:rights>info:eu-repo/semantics/openAccess</dc:rights>
      <dc:rights>Atribución-NoComercial-SinDerivadas 3.0 España</dc:rights>
      <dc:publisher>Universidad de Granada</dc:publisher>
   </ow:Publication>
</rdf:RDF>