DocumentCode :
2420998
Title :
Progressive Differential Thresholding for Network Anomaly Detection
Author :
Ali, Sardar ; Khan, Hassan ; Ahmad, Muhammad ; Khayam, Syed Ali
Author_Institution :
Sch. of Electr. Eng. & Comput. Sci. (SEECS), Nat. Univ. of Sci. & Technol. (NUST), Islamabad, Pakistan
fYear :
2011
fDate :
5-9 June 2011
Firstpage :
1
Lastpage :
5
Abstract :
In this paper, we propose a Progressive Differential Thresholding (PDT) framework for coordinated network anomaly detection. Under the proposed framework, nodes present on a packet's path progressively encode their opinion (malicious or benign) inside a packet. Subsequent nodes on the path use the encoded opinion as side-information to adapt their anomaly detection thresholds and in turn improve their classification accuracies. Accuracy benefits of PDT are evaluated through experimental evaluations of multiple non-proprietary anomaly detectors on a publicly-available attack dataset. These evaluations indicate that, while being distributed and having negligible complexity and communication overheads, the proposed PDT framework provides considerable and consistent improvements in anomaly detection accuracy. We observe up to 54% improvements in ADS detection accuracy and up to a 4 times reduction in the false alarm rates.
Keywords :
security of data; classification accuracies; communication overheads; coordinated network anomaly detection; false alarm rates reduction; multiple nonproprietary anomaly detectors; progressive differential thresholding; publicly-available attack dataset; Accuracy; Complexity theory; Detectors; Entropy; IP networks; Peer to peer computing; Servers;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Communications (ICC), 2011 IEEE International Conference on
Conference_Location :
Kyoto
ISSN :
1550-3607
Print_ISBN :
978-1-61284-232-5
Electronic_ISBN :
1550-3607
Type :
conf
DOI :
10.1109/icc.2011.5963249
Filename :
5963249