Telosian: Reducing False Positives in Real-Time Cyber Anomaly Detection by Fast Adaptation to Concept Drift
Iker Antonio Olarra Maldonado, Erik Meeuwissen, Puck de Haan, Rob van der Mei
2025
Abstract
We propose Telosian, an unsupervised anomaly detection model that dynamically adapts to concept drift. Telosian uses a novel update scheme that measures drift and adapts the model accordingly. We show that our update is faster than existing methods and increases detection performance by reducing false positives. In practice, this will also reduce the workload of security teams. Moreover, through our experiments, we show the importance of considering concept drift when deploying models. Further, the proposed model is designed to be easily implemented in practice, taking into account the ease of deployment and reducing operational costs without sacrificing detection performance. Additionally, we provide clear guidelines on how such an implementation should be done. Moreover, we investigate the presence of drift in popular datasets and conclude that the amount of drift is limited. We call on the academic community to develop more (cyber security) datasets that capture drift.
Paper Citation
in Harvard Style
Maldonado I., Meeuwissen E., de Haan P. and van der Mei R. (2025). Telosian: Reducing False Positives in Real-Time Cyber Anomaly Detection by Fast Adaptation to Concept Drift. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 84-97. DOI: 10.5220/0013320500003899
in Bibtex Style
@conference{icissp25,
author={Iker Maldonado and Erik Meeuwissen and Puck de Haan and Rob van der Mei},
title={Telosian: Reducing False Positives in Real-Time Cyber Anomaly Detection by Fast Adaptation to Concept Drift},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP},
year={2025},
pages={84-97},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013320500003899},
isbn={978-989-758-735-1},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP
TI - Telosian: Reducing False Positives in Real-Time Cyber Anomaly Detection by Fast Adaptation to Concept Drift
SN - 978-989-758-735-1
AU - Maldonado I.
AU - Meeuwissen E.
AU - de Haan P.
AU - van der Mei R.
PY - 2025
SP - 84
EP - 97
DO - 10.5220/0013320500003899
PB - SciTePress