Title :
Accurate anomaly detection through parallelism
Author :
Shanbhag, Shashank ; Wolf, Tilman
Author_Institution :
Univ. of Massachusetts, Amherst, MA
Abstract :
In this article we discuss the design and implementation of a real-time parallel anomaly detection system. The key idea is to use multiple existing anomaly detection algorithms in parallel on thousands of network traffic subclasses, which not only enables us to detect hidden anomalies but also to increase the accuracy of the system. The main challenge then is the management and aggregation of the vast amount of data generated. We propose a novel aggregation process that uses the internal continuous anomaly metrics used by the algorithms to output a single system-wide anomaly metric. The evaluation on real-world attack traces shows a lower false positive rate and false negative rate than any individual anomaly detection algorithm.
Keywords :
computer network management; parallel algorithms; real-time systems; security of data; telecommunication security; telecommunication traffic; aggregation process; anomaly detection algorithm; internal continuous anomaly metric; network traffic; real-time parallel anomaly detection system; single system-wide anomaly metric; Aggregates; Algorithm design and analysis; Atherosclerosis; Detection algorithms; Frequency; Monitoring; Parallel processing; Signal processing algorithms; Telecommunication traffic; Workstations;
Journal_Title :
Network, IEEE
DOI :
10.1109/MNET.2009.4804320
