DocumentCode
158375
Title
Robust anomaly detection in dynamic networks
Author
Jing Wang ; Paschalidis, Ioannis C.
Author_Institution
Div. of Syst. Eng., Boston Univ., Boston, MA, USA
fYear
2014
fDate
16-19 June 2014
Firstpage
428
Lastpage
433
Abstract
We propose two robust methods for anomaly detection in dynamic networks in which the properties of normal traffic evolve dynamically. We formulate the robust anomaly detection problem as a binary composite hypothesis testing problem and propose two methods: a model-free and a model-based one, leveraging techniques from the theory of large deviations. Both methods require a family of Probability Laws (PLs) that represent normal properties of traffic. We devise a two-step procedure to estimate this family of PLs. We compare the performance of our robust methods and their vanilla counterparts, which assume that normal traffic is stationary, on a network with a diurnal normal pattern and a common anomaly related to data exfiltration. Simulation results show that our robust methods perform better than their vanilla counterparts in dynamic networks.
Keywords
Internet; computer network security; network theory (graphs); probability; statistical testing; telecommunication traffic; PLs; binary composite hypothesis testing problem; data exfiltration; diurnal normal pattern; dynamic networks; large deviation theory; model-based methods; normal traffic properties; probability laws; robust anomaly detection problem; two-step procedure; vanilla model-free methods; Internet; Monitoring; Ports (Computers); Robustness; Servers; Stochastic processes; Testing; Robust statistical anomaly detection; binary composite hypothesis testing; large deviations theory; set covering;
fLanguage
English
Publisher
ieee
Conference_Titel
Control and Automation (MED), 2014 22nd Mediterranean Conference of
Conference_Location
Palermo
Print_ISBN
978-1-4799-5900-6
Type
conf
DOI
10.1109/MED.2014.6961410
Filename
6961410