Towards adaptive anomaly detection in cellular mobile networks

Location information is an important feature of users' mobility profiles in cellular mobile networks. In this paper, continuing our existing work on constructing a mobility-based anomaly detection scheme, we further address a challenging problem: how to adaptively adjust the detection threshold of Intrusion Detection Systems (IDSs) in the context of cellular mobile networks. This is especially critical when we consider the different mobility patterns exhibited by mobile users. Utilizing a high-order Markov model, we apply a weighted blending scheme to compute the entropy of our Exponentially Weighted Moving Average (EWMA)-based mobility trie. This entropy reflects the uncertainty of the users' normal profile and could help us adaptively adjust the detection threshold of our anomaly detection algorithm. Simulation results show that our proposed adaptive mechanisms can further reduce the false positive rate without decreasing the detection rate. Detailed analysis of the simulation results is also provided.
