Bivariate Non-parametric Anomaly Detection

Detecting anomalous traffic with low false alarm rates is of primary interest in IP network management. In this paper we propose a novel anomaly detection system based on the combined use of sketches and a novel bivariate non-parametric detection method. The latter allows us to analyse two different traffic features simultaneously, so as to improve on the performance of "classical" detection systems in terms of both detection rate and false alarm rate. The preliminary performance analysis presented in this paper demonstrates the effectiveness of the proposed system.
