STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Deflation Techniques for an Implicitly Restarted Arnoldi Iteration
SIAM Journal on Matrix Analysis and Applications
Multiparty Computation with Faulty Majority
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Candid Covariance-Free Incremental Principal Component Analysis
IEEE Transactions on Pattern Analysis and Machine Intelligence
Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Diagnosing network disruptions with network-wide analysis
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Sensitivity of PCA for traffic anomaly detection
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Reval: a tool for real-time evaluation of DDoS mitigation strategies
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Protocols for secure computations
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Scalable Multiparty Computation with Nearly Optimal Work and Resilience
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Detecting large-scale system problems by mining console logs
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
ANTIDOTE: understanding and defending against poisoning of anomaly detectors
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Secure linear algebra using linearly recurrent sequences
TCC'07 Proceedings of the 4th conference on Theory of cryptography
URCA: pulling out anomalies by their root causes
INFOCOM'10 Proceedings of the 29th conference on Information communications
Algebraic geometric secret sharing schemes and secure multi-party computations over small fields
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Private and verifiable interdomain routing decisions
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
k-indistinguishable traffic padding in web applications
PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
Private and verifiable interdomain routing decisions
ACM SIGCOMM Computer Communication Review - Special october issue SIGCOMM '12
| Hi-index | 0.00 |
Detection of malicious traffic in the Internet would be much easier if ISP networks shared their traffic traces. Unfortunately, state-ofthe-art anomaly detection algorithms require detailed traffic information which is considered extremely private by operators. To address this, we propose an algorithm that allows ISPs to cooperatively detect anomalies without requiring them to reveal private traffic information. We leverage secure multiparty computation to design a privacy-preserving variant of principal component analysis (PCA) that limits information propagation across domains. PCA is a well-proven technique for isolating anomalies on network traffic and we target a design that retains its scalability and accuracy. To validate our approach, we evaluate an implementation of our design against traces from the Abilene Internet2 IP backbone network as well as synthetic traces, show that it performs efficiently to support an online anomaly detection system and and conclude that privacy-preserving anomaly detection shows promise as a key element of a wider network anomaly detection framework. In the presence of increasingly serious threats from modern networked malware, our work provides a first step towards enabling larger-scale cooperation across ISPs in the presence of privacy concerns.