Unit name | Anomaly Detection |
---|---|
Unit code | MATHM0030 |
Credit points | 10 |
Level of study | M/7 |
Teaching block(s) |
Teaching Block 1B (weeks 7 - 12) |
Unit director | Professor. Rubin-Delanchy |
Open unit status | Not open |
Pre-requisites |
MATH11300 Probability 1, MATH11400 Statistics 1, and MATH20800 Statistics 2 |
Co-requisites |
None |
School/department | School of Mathematics |
Faculty | Faculty of Science |
Unit Aims
This unit aims to introduce models of normal network behaviour, anomaly detection, and the process of combining and screening anomalies over space and time.
Unit Description
It will provide the mathematical & statistical underpinnings of anomaly detection for cybersecurity data. It will cover the following topics: dynamic network models, fundamentals of hypothesis testing, combining and screening anomalies, Bayesian methods, Monte-Carlo approaches. In coursework assignments, students will use network, point process and cluster models to find anomalies in real cyber security data.
ILO1: to recognise and apply a range of models for dynamic network data, and their estimation
ILO2: to understand core anomaly detection concepts and tools, including mastering theory and interpretation of hypothesis tests, controlling false positive rates and performing meta-analysis
ILO3: to apply these anomaly detection tools to analyse real large-scale data and report the results
The unit will be taught through a combination of
90% Timed, open-book examination 10% Coursework
Raw scores on the examinations will be determined according to the marking scheme written on the examination paper. The marking scheme, indicating the maximum score per question, is a guide to the relative weighting of the questions. Raw scores are moderated as described in the Undergraduate Handbook.
If you fail this unit and are required to resit, reassessment is by a written examination in the August/September Resit and Supplementary exam period.
Recommended