Accurate anomaly detection through parallelism

Authors:
Shashank Shanbhag;Tilman Wolf
Affiliations:
University of Massachusetts;University of Massachusetts
Venue:
IEEE Network: The Magazine of Global Internetworking - Special issue title on recent developments in network intrusion detection
Year:
2009

Citing 7
Cited 6

A signal analysis of network traffic anomalies

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Code-Red: a case study on the spread and victims of an internet worm

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
A framework for classifying denial of service attacks

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Aberrant Behavior Detection in Time Series for Network Monitoring

LISA '00 Proceedings of the 14th USENIX conference on System administration
Change-Point Monitoring for the Detection of DoS Attacks

IEEE Transactions on Dependable and Secure Computing
An Architecture for Distributed Real-Time Passive Network Measurement

MASCOTS '06 Proceedings of the 14th IEEE International Symposium on Modeling, Analysis, and Simulation
Detecting anomalies in network traffic using maximum entropy estimation

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement

MAWILab: combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking

Proceedings of the 6th International COnference
Deep packet pre-filtering and finite state encoding for adaptive intrusion detection system

Computer Networks: The International Journal of Computer and Telecommunications Networking
Unsupervised Weight Parameter Estimation Method for Ensemble Learning

Journal of Mathematical Modelling and Algorithms
Review: Intrusion detection system: A comprehensive review

Journal of Network and Computer Applications
Event stream database based architecture to detect network intrusion: (industry article)

Proceedings of the 7th ACM international conference on Distributed event-based systems
Anomaly secure detection methods by analyzing dynamic characteristics of the network traffic in cloud communications

Information Sciences: an International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this article we discuss the design and implementation of a real-time parallel anomaly detection system. The key idea is to use multiple existing anomaly detection algorithms in parallel on thousands of network traffic subclasses, which not only enables us to detect hidden anomalies but also to increase the accuracy of the system. The main challenge then is the management and aggregation of the vast amount of data generated. We propose a novel aggregation process that uses the internal continuous anomaly metrics used by the algorithms to output a single system-wide anomaly metric. The evaluation on real-world attack traces shows a lower false positive rate and false negative rate than any individual anomaly detection algorithm.