A Service Architecture Using Machine Learning to Contextualize Anomaly Detection

Brandon Laughlin, Karthik Sankaranarayanan, Khalil El-Khatib

Source Title: Journal of Database Management (JDM)31(1)

ISSN: 1063-8016|EISSN: 1533-8010|EISBN13: 9781799804697|DOI: 10.4018/JDM.2020010104

MLA

Laughlin, Brandon, et al. "A Service Architecture Using Machine Learning to Contextualize Anomaly Detection." JDM vol.31, no.1 2020: pp.64-84. http://doi.org/10.4018/JDM.2020010104

APA

Laughlin, B., Sankaranarayanan, K., & El-Khatib, K. (2020). A Service Architecture Using Machine Learning to Contextualize Anomaly Detection. Journal of Database Management (JDM), 31(1), 64-84. http://doi.org/10.4018/JDM.2020010104

Chicago

Laughlin, Brandon, Karthik Sankaranarayanan, and Khalil El-Khatib. "A Service Architecture Using Machine Learning to Contextualize Anomaly Detection," Journal of Database Management (JDM) 31, no.1: 64-84. http://doi.org/10.4018/JDM.2020010104

Export Reference

Favorite Full-Issue Download

View Full Text HTML

View Full Text PDF

Abstract

This article introduces a service that helps provide context and an explanation for the outlier score given to any network flow record selected by the analyst. The authors propose a service architecture for the delivery of contextual information related to network flow records. The service constructs a set of contexts for the record using features including the host addresses, the application in use and the time of the event. For each context the service will find the nearest neighbors of the record, analyze the feature distributions and run the set through an ensemble of unsupervised outlier detection algorithms. By viewing the records in shifting perspectives one can get a better understanding as to which ways the record can be considered an anomaly. To take advantage of the power of visualizations the authors demonstrate an example implementation of the proposed service architecture using a linked visualization dashboard that can be used to compare the outputs.