DocumentCode :
158375
Title :
Robust anomaly detection in dynamic networks
Author :
Jing Wang ; Paschalidis, Ioannis C.
Author_Institution :
Div. of Syst. Eng., Boston Univ., Boston, MA, USA
fYear :
2014
fDate :
16-19 June 2014
Firstpage :
428
Lastpage :
433
Abstract :
We propose two robust methods for anomaly detection in dynamic networks in which the properties of normal traffic evolve dynamically. We formulate the robust anomaly detection problem as a binary composite hypothesis testing problem and propose two methods: a model-free and a model-based one, leveraging techniques from the theory of large deviations. Both methods require a family of Probability Laws (PLs) that represent normal properties of traffic. We devise a two-step procedure to estimate this family of PLs. We compare the performance of our robust methods and their vanilla counterparts, which assume that normal traffic is stationary, on a network with a diurnal normal pattern and a common anomaly related to data exfiltration. Simulation results show that our robust methods perform better than their vanilla counterparts in dynamic networks.
Keywords :
Internet; computer network security; network theory (graphs); probability; statistical testing; telecommunication traffic; PLs; binary composite hypothesis testing problem; data exfiltration; diurnal normal pattern; dynamic networks; large deviation theory; model-based methods; normal traffic properties; probability laws; robust anomaly detection problem; two-step procedure; vanilla model-free methods; Internet; Monitoring; Ports (Computers); Robustness; Servers; Stochastic processes; Testing; Robust statistical anomaly detection; binary composite hypothesis testing; large deviations theory; set covering;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Control and Automation (MED), 2014 22nd Mediterranean Conference of
Conference_Location :
Palermo
Print_ISBN :
978-1-4799-5900-6
Type :
conf
DOI :
10.1109/MED.2014.6961410
Filename :
6961410