Abstract—In this paper, we propose a Progressive Differential Thresholding (PDT) framework for coordinated network anomaly detection. Under the proposed framework, nodes present on a packet’s path progressively encode their opinion (malicious or benign) inside a packet. Subsequent nodes on the path use the encoded opinion as side-information to adapt their anomaly detection thresholds and in turn improve their classification accuracies. Accuracy benefits of PDT are evaluated through experimental evaluations of multiple non-proprietary anomaly detectors on a publicly-available attack dataset. These evaluations indicate that, while being distributed and having negligible complexity and communication overheads, the proposed PDT framework provides considerable and consistent improvements in anomaly detection accuracy. We observe up to 54% improvement in ADS detection accuracy and up to a 4 times reduction in the false alarm rates.
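The mechanism the abstract describes, a per-packet opinion that shifts the next node's threshold, can be sketched as follows. This is an added example, not code from the paper: the update rule (base threshold minus or plus a fixed delta), the names `BASE`, `DELTA`, `node_decide`, `run_path` and `rates`, and the sample scores are all assumptions constructed for illustration, and the printed rates do not reproduce the paper's results.

```python
# Added illustration of opinion-driven threshold adaptation along a path.
# The update rule (base -/+ delta) and every value here are assumptions.

BASE = 50   # hypothetical per-node anomaly-score threshold (scores are 0-100)
DELTA = 20  # hypothetical shift applied based on the upstream opinion

def node_decide(score, upstream, base=BASE, delta=DELTA):
    """One node: pick a threshold from the upstream opinion bit, then classify.

    upstream is None at the first node, else 1 (malicious) or 0 (benign).
    """
    if upstream is None:
        threshold = base
    elif upstream == 1:
        threshold = base - delta   # upstream flagged it: be more sensitive
    else:
        threshold = base + delta   # upstream cleared it: demand more evidence
    return 1 if score >= threshold else 0

def run_path(scores, delta=DELTA):
    """Carry the 1-bit opinion through each node; return the last node's verdict."""
    opinion = None
    for score in scores:
        opinion = node_decide(score, opinion, delta=delta)
    return opinion

def rates(packets, delta):
    """Return (detection rate, false alarm rate) at the last node on the path."""
    verdicts = [(run_path(scores, delta), bad) for scores, bad in packets]
    tp = sum(1 for v, bad in verdicts if bad and v)
    fp = sum(1 for v, bad in verdicts if not bad and v)
    n_bad = sum(1 for _, bad in packets if bad)
    return tp / n_bad, fp / (len(packets) - n_bad)

# Constructed sample: per-node anomaly scores for one packet, plus ground truth.
PACKETS = [
    ([70, 45, 40], True), ([60, 55, 35], True),
    ([80, 90, 70], True), ([30, 40, 45], True),
    ([20, 30, 55], False), ([10, 20, 60], False),
    ([10, 10, 20], False), ([55, 20, 10], False),
]

if __name__ == "__main__":
    print("independent (delta=0):", rates(PACKETS, 0))
    print("adaptive (delta=20):  ", rates(PACKETS, DELTA))
```

Setting `delta` to 0 makes every node use the same fixed threshold, which gives the uncoordinated baseline to compare against.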