Resilient real-time network anomaly detection using novel non-parametric statistical tests

Authors
Bollmann, Chad A.
Tummala, Murali
McEachen, John C.
Subjects
Non-parametric estimation
Alpha-stable
Statistical network anomaly detection
Denial of service attack
Advisors
Date of Issue
2021
Date
Publisher
Elsevier
Language
Abstract
This work describes a novel application of robust estimation to the detection of volumetric anomalies in computer network traffic. The proposed tests are based on sample location and dispersion and derived from relatively unknown Zero Order Statistics. The proposed tests are non-parametric and suitable for a range of applications to heavy-tailed data analysis outside of network traffic. The performance of these tests is examined using two different real-world denial-of-service attacks contained in actual high-volume backbone traffic. The proposed tests outperform traditional metrics such as mean and variance due to the presence of heavy tails in the network traffic, a frequent characteristic of traffic in actual networks. Monte Carlo analysis is used to quantify the performance gains and show an improvement in accuracy between 7 and 11% at very low false alarm rates. The proposed tests also demonstrate equivalent or superior performance to the median, a common robust statistic. Constructive timing of key system processes is used to demonstrate near real-time performance. Three- and six-second data windows containing between 750 and 1200 elements can be processed in less than one second using commodity hardware running unoptimized code. These timing results imply scalability to a variety of networks and commercial applications. Scalability prospects are further enhanced by demonstrating resilient detection performance at attack volumes between 25 and 100 percent of baseline rates in both real and generated traffic.
Type
Article
Description
17 USC 105 interim-entered record; under review.
The article of record as published may be found at https://doi.org/10.1016/j.cose.2020.102146
Series/Report No
Department
Organization
Identifiers
NPS Report Number
Sponsors
Funder
This document is the results of research funded by the Laboratory for Telecommunications Sciences under various proposals, US Air Force under Proposal F4F5AY8158G102, and US Navy Naval Research Program under Proposal NPS-19-N039A.
Format
14 p.
Citation
Bollmann, Chad A., Murali Tummala, and John C. McEachen. "Resilient real-time network anomaly detection using novel non-parametric statistical tests." Computers & Security 102 (2021): 102146.
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections