Title: Accuracy improving guidelines for network anomaly detection systems

Authors: Ayesha Binte Ashfaq, Muhammad Qasim Ali, Syed Ali Khayam

Affiliations:
(1) Bell Labs, Alcatel-Lucent, 600-700 Mountain Avenue, Murray Hill, NJ 07974, U.S.A.
(2) Division of Mathematics and Sciences, Roane State Community College, 276 Patton Lane, Harriman, TN 37748, U.S.A.
(3) School of Electrical and Computer Engineering, Georgia Institute of Technology, 777 Atlantic Drive, Atlanta, GA 30332, U.S.A.
Abstract: An unprecedented growth in computer and communication systems in the last two decades has resulted in a proportional increase in the number and sophistication of network attacks. In particular, the number of previously-unseen attacks has increased exponentially in the last few years. Due to the rapidly evolving nature of network attacks, a considerable paradigm shift has taken place in the intrusion detection community. The main focus is now on Network Anomaly Detection Systems (NADSs), which model and flag deviations from the normal/benign behavior of a network and can hence detect previously-unseen attacks. Contemporary NADSs borrow concepts from a variety of theoretical fields (e.g., information theory, stochastic and machine learning, signal processing, etc.) to model benign behavior. These NADSs, however, fall short of achieving acceptable performance levels and therefore of widespread commercial deployment. In this paper, we first evaluate the performance of eight prominent network-based anomaly detectors under malicious portscan attacks to identify which NADSs perform better than others and why. These NADSs are evaluated on three criteria: accuracy (ROC curves), scalability (with respect to varying normal and attack traffic rates, and deployment points) and detection delay. These criteria are evaluated using two independently collected datasets with complementary strengths. We then propose novel methods and promising guidelines to improve the accuracy and scalability of existing and future anomaly detectors. Experimental analysis of the proposed guidelines is also presented as a proof of concept.
This paper is indexed in SpringerLink and other databases.