Skip to Main Content
We present 'D-CAD,' a novel divergence-measure based classification method for anomaly detection in network traffic. The D-CAD method identifies anomalies by performing classification on features drawn from software sensors that monitor network traffic. We compare the performance of the D-CAD method with two classifier based anomaly detection methods implemented using supervised Bayesian estimation and supervised maximum-likelihood estimation. Results show that the area under receiver operating characteristic curve (AUC) of the D-CAD method is as high as 0.9524, compared to an AUC value of 0.9102 of the supervised maximum-likelihood estimation based anomaly detection method and to an AUC value of 0.8887 of the supervised Bayesian estimation based anomaly detection method.
Date of Conference: 15-17 April 2007