Network Anomaly Detection with Stable Distributions
Abstract
Network anomaly detection must be automated to meet requirements for real-time, accurate monitoring in the face of exponentially growing traffic volumes; however, this accuracy is often reduced when Gaussian methods are applied to non-Gaussian network traffic. To improve detection accuracy at requisite low false-alarm rates, we propose modeling network traffic and detecting anomalies using an entirely non-Gaussian methodology based on the α-stable distribution and appropriately-derived stable estimators. Using three publicly-available network traffic traces, we show that the non-Gaussian stable distribution provides a more accurate traffic model under benign and attack scenarios, as well as a mixture of these conditions. In this research, we demonstrate that an α-stable traffic model enables adaptive techniques while significantly reducing data fit errors. To improve the accuracy of anomaly detection, computationally-efficient, α-stable-derived location and dispersion estimators are identified and developed. These estimators are implemented in a novel proof-of-concept, non-parametric, non-Gaussian detection system based on α-stable principles. The proposed real-time detection system achieves higher accuracy at a lower error rate than equivalent Gaussian methods and comparable state-of-the-practice techniques.
Document Details
- Document Type: Technical Report
- Publication Date: Mar 01, 2018
- Accession Number: AD1143584
Entities
People
- C. A. Bollman
Organizations
- Naval Postgraduate School