Fill out our Daily Orange reader survey to make our paper better


ASK THE EXPERTS

Syracuse University researchers publish book on malicious computer anomalies

Daily Orange File Photo

Professors in Syracuse University’s College of Engineering and Computer Science have published a new book on the similarities between malicious anomalies in computer technology.

Malicious anomalies include credit card fraud, electronic seizures in heart-monitoring technology and malware in computer systems.

Algorithms used to discover these anomalies are detailed in the new book, “Anomaly Detection Principles and Algorithms,” which was written by SU Research and Emeritus Professor Kishan Mehrotra, Professor Chilukuri Mohan and alumnus HuaMing Huang.

The Daily Orange spoke with Mohan, a professor of electrical engineering and computer science, to discuss algorithmic anomaly detection.  

The Daily Orange: What are anomaly detection algorithms?



Chilukuri Mohan: There are lots of data describing human behavior, as well as other various scientific and engineering problems … characterized by some normal behaviors. Anomalies are variations from these norms.

For instance, with credit card fraud detection, if you usually make certain kinds of purchases and suddenly there’s a purchase that is from a completely different place, or different country or something that you have never bought before — a substantial variation from your normal behavior — will be flagged by the credit card company. Credit card companies frequently do this.

There are many other examples in health. If you look at an (electroencephalography), there is a normal pattern you would expect and then an irregular heartbeat that would create a variation in the pattern.

Similarly, in cybersecurity, usually there are certain kinds of messages, and when something sticks out as unusual we signal that.

Anomalies lie in practically every human activity.

The D.O.: How long have these anomalies been known about?

C.M.: For a very long time. In cybersecurity, traditionally one approach is to look for patterns that are known to be problematic. This is like a blacklist approach, you know that there is something wrong with this — there is a signature of a malware — so you look for something similar to it.

On the other hand, anomaly detection tries to catch cases where you know what the normal traffic is supposed to look like and find the variation from that.

The D.O.: How long have you been working on these algorithms?

C.M.: For about six years.

The D.O.: How do these algorithms work? How can they be used to detect credit fraud?

C.M.: There is a few different variations. Some involve what happens overtime … a person may have normal behavior and you try to get an impression of this normal behavior then look for something that stands out from this normal behavior.

Another approach depends on the kinds of data. We abstractly say, in a multi-dimensional space, at any given point there is a certain point which describes this behavior and does this behavior stick out from all the other points?

The D.O.: Will they aid in prevention from criminals online? How? If not, is there something coming out that will?

C.M.: This inherently aids in prevention, but in detection first. When something is detected, then activity occurs to prevent that detection from becoming a problem.

The D.O.: Who is this book mainly for?

C.M.: This is for beginners who don’t know much about the field but are interested. This may be students, as well as practitioners in the software industry, or banking and other areas where this topic is important.

The D.O.: What is the next step in this field?

C.M.: There are a number of important applications people work on. We are currently working on a psychiatry application.

My students have developed an app which attempts to figure out where there is a depressed patient of a psychiatrist. It would show if there is something wrong mentally with them, like if they are about to hurt themselves.

In medicine, there are a number of applications. Diseases are manifested in a number of symptoms, so when there is a substantial change in those symptoms you can measure them and find out if something is going wrong.

There are a number of applications. This is going to continue to be very important in a number of fields.





Top Stories