Progressive Differential Thresholding for Network Anomaly Detection

By Sardar Ali, Hassan Khan, Muhammad Ahmad and Syed Ali Khayam

Abstract

In this paper, we propose a Progressive Differential Thresholding (PDT) framework for coordinated network anomaly detection. Under the proposed framework, nodes present on a packet’s path progressively encode their opinion (malicious or benign) inside a packet. Subsequent nodes on the path use the encoded opinion as side-information to adapt their anomaly detection thresholds and in turn improve their classification accuracies. Accuracy benefits of PDT are evaluated through experimental evaluations of multiple non-proprietary anomaly detectors on a publicly available attack dataset. These evaluations indicate that, while being distributed and having negligible complexity and communication overheads, the proposed PDT framework provides considerable and consistent improvements in anomaly detection accuracy. We observe up to 54% improvement in ADS detection accuracy and up to a 4 times reduction in the false alarm rates.

Year: 2014
OAI identifier: oai:CiteSeerX.psu:10.1.1.469.119
Provided by: CiteSeerX