ABSTRACT

The evolution of intelligent computer networks, distributed processing facilities, the range of communication protocols, and arrays of smart devices has significantly raised the importance of cyber security. Many organizations today deploy a variety of intrusion detection and prevention systems and employ cyber security experts to protect their Internet-connected assets. As the complexity and sophistication of attack vectors increase, the need for more robust and sophisticated detection methods increases with them. Effective detection methods should not only detect known and unknown attacks but also adapt to the frequently changing behavior of network traffic. Anomaly detection is a multidisciplinary task that requires involved mathematical techniques for mining big data. The Kernel-based Online Anomaly Detection (KOAD) algorithm has recently become a popular tool for real-time anomaly detection. This chapter provides a detailed derivation, development, and description of the algorithm. While the KOAD algorithm was introduced earlier, a mathematically detailed derivation of it has been lacking in the literature. Such a derivation is necessary for future researchers to extend its anomaly detection capabilities to incorporate real-time anomaly diagnosis and classification, and to develop additional subroutines that set its thresholds autonomously.