{"title":"Meta-Morisita Index: Anomaly Behaviour Detection for Large Scale Tracking Data with Spatio-Temporal Marks","authors":"Zhao Yang, N. Japkowicz","doi":"10.1109/ICDMW.2017.95","DOIUrl":null,"url":null,"abstract":"In this paper, we propose a work flow for processing and analysing large-scale tracking data with spatio-temporal marks that uses an infrastructure for machine learning methods based on a meta-data representation of point patterns. The tracking log (IP address) of cyber security devices usually maps to geolocation and timestamp, such data is called spatiotemporal data. Existing spatio-temporal analysis methods do not include a specific mechanism for analysing meta-data (point pattern information) generated from large-scale tracking data with spatio-temporal marks. In this work, we extend a spatial point pattern analysis method (the Morisita Index) with metadata analysis, which includes anomaly behaviour detection and unsupervised learning to support spatio-temporal data analysis (on both physical and cyber data) and demonstrate its practical use. 
The resulting work flow has a robust capability to detect anomalies among large-scale tracking data with spatio-temporal marks using meta-data based on point pattern analysis and returns visualized reports to end users.","PeriodicalId":389183,"journal":{"name":"2017 IEEE International Conference on Data Mining Workshops (ICDMW)","volume":"48 12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE International Conference on Data Mining Workshops (ICDMW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDMW.2017.95","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 4
Abstract
In this paper, we propose a work flow for processing and analysing large-scale tracking data with spatio-temporal marks that uses an infrastructure for machine learning methods based on a meta-data representation of point patterns. The tracking log (IP address) of cyber security devices usually maps to geolocation and timestamp; such data is called spatio-temporal data. Existing spatio-temporal analysis methods do not include a specific mechanism for analysing meta-data (point pattern information) generated from large-scale tracking data with spatio-temporal marks. In this work, we extend a spatial point pattern analysis method (the Morisita Index) with meta-data analysis, which includes anomaly behaviour detection and unsupervised learning to support spatio-temporal data analysis (on both physical and cyber data) and demonstrate its practical use. The resulting work flow has a robust capability to detect anomalies among large-scale tracking data with spatio-temporal marks using meta-data based on point pattern analysis and returns visualized reports to end users.