Title :
On the usefulness of machine learning techniques in collaborative anomaly detection
Author :
Secil Senel-Kleine;Johannes Bouché;Martin Kappes
Author_Institution :
Faculty of Computer Science and Engineering, Frankfurt University of Applied Sciences, Frankfurt am Main, Germany
Abstract :
Due to the increase in network attacks, anomaly detection has gained importance. In this paper, we present and investigate the idea of institutions cooperating to perform anomaly detection, i.e. institutions jointly analyzing their network traffic in order to identify malicious attacks, using classification-based machine learning techniques. We compare the results of such a collaborative analysis with a single analysis. Moreover, as institutions might not be willing to share confidential data, we analyze the benefits of a collaborative approach if some parts of the traffic are anonymized. While, intuitively, having more data at hand should lead to improved detection rates, our results indicate that a federated analysis using standard classification-based methods improves detection rates only slightly. Moreover, when using anonymized data, the obtained detection rates of a joint data analysis further deteriorate such that the analysis of individual traffic is more useful. Thus, our research indicates that the classical classification-based machine learning approaches for anomaly detection must be adapted and improved in order to leverage the advantage of having data from various sources.
Keywords :
"Accuracy","Hardware","Software","Random access memory","Virtualization"
Conference_Title :
Internet Technologies and Applications (ITA), 2015
Print_ISBN :
978-1-4799-8036-9
DOI :
10.1109/ITechA.2015.7317397