Evaluation of an Online Parallel Anomaly Detection System

2 Author(s)
Shanbhag, S. ; Dept. of Electr. & Comput. Eng., Univ. of Massachusetts, Amherst, MA ; Wolf, T.

The rapid and accurate detection of anomalies in network traffic has always been a challenging task, and is absolutely critical to the efficient operation of the network. The availability of numerous different detection algorithms makes it difficult to choose a suitable configuration. An algorithm may have a high detection rate for high-rate attacks, but might behave unfavorably when faced with attacks with gradually increasing rates. This paper proposes an online parallel anomaly detection system that implements multiple anomaly detection algorithms in parallel to detect anomalies in real time. The main idea is to aggregate the detection data from multiple algorithms to come up with a single anomaly metric. We evaluate this system with realistic attacks on the DETER testbed. Our results show improved true positive and false negative rates for both high-intensity and slow-rise ramped floods. Furthermore, the system is able to detect attacks separated by as little as 15 seconds with a high true positive rate.

Published in:

Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE

Date of Conference:

Nov. 30 2008-Dec. 4 2008