Network anomaly detection with stable distributions
Authors
Bollmann, C.A.
Subjects
alpha stable distribution
statistical network anomaly detection
non-parametric anomaly detection
levy location
sample myriad
zero order statistics
zero order location
zero order dispersion
non-Gaussian detection
heavy-tailed detection
alpha-stable network anomaly detection
stable attribute estimator
Advisors
Tummala, Murali
McEachen, John
Date of Issue
2018-03
Date
March 2018
Publisher
Monterey, California. Naval Postgraduate School
Abstract
Network anomaly detection must be automated to meet requirements for real-time, accurate monitoring in the face of exponentially growing traffic volumes; however, this accuracy is often reduced when Gaussian methods are applied to non-Gaussian network traffic. To improve detection accuracy at requisite low false-alarm rates, we propose modeling network traffic and detecting anomalies using an entirely non-Gaussian methodology based on the α-stable distribution and appropriately-derived stable estimators. Using three publicly-available network traffic traces, we show that the non-Gaussian stable distribution provides a more accurate traffic model under benign and attack scenarios, as well as a mixture of these conditions. In this research, we demonstrate that an α-stable traffic model enables adaptive techniques while significantly reducing data fit errors. To improve the accuracy of anomaly detection, computationally-efficient, α-stable-derived location and dispersion estimators are identified and developed. These estimators are implemented in a novel proof-of-concept, non-parametric, non-Gaussian detection system based on α-stable principles. The proposed real-time detection system achieves higher accuracy at a lower error rate than equivalent Gaussian methods and comparable state-of-the-practice techniques.
Type
Dissertation
Department
Electrical and Computer Engineering (ECE)
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, it may not be copyrighted.