Detecting Anomalies in Network Behavior and Identifying Threats Using Statistical Process Control
For decades, manufacturers have used statistical process control charts to detect process variations and identify assignable causes. Shewhart charts are one of the many techniques employed in manufacturing that allow machine operators, not statisticians or engineers, to record, trend, and identify events indicating a deviation from normal operations and therefore requiring immediate attention. This Praxis will discuss how front-line cybersecurity analysts can use Shewhart charts to identify potential network attacks in near real time. The first chapter provides a brief history of the Shewhart chart. The second chapter discusses the research already completed, compares the relatively new UNSW-NB15 data set to previous data sets, and provides a case study using the UNSW-NB15 data set to evaluate the effectiveness of Shewhart charts in detecting network attacks for the first time. The Praxis concludes with a discussion of the successes and shortcomings of the research conducted and provides recommendations for future work.