
Accurate Anomaly Detection through Parallelism

Authors: Shanbhag, Shashank; Wolf, Tilman

Affiliation: Univ Massachusetts, Dept Elect & Comp Engn, Amherst, MA 01003 USA

Publication: IEEE Network

Year, volume, issue: 2009, Vol. 23, No. 1

Pages: 22-28

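Subject classification: 0810 [Engineering - Information and Communication Engineering]; 0808 [Engineering - Electrical Engineering]; 08 [Engineering]; 0812 [Engineering - Computer Science and Technology (degrees in engineering or science may be conferred)]

Funding: National Science Foundation [CNS-0325868]

Subjects: COMPUTER algorithms; COMPUTER programming; LOCAL area networks (Computer networks); COMPUTER science; DATA transmission systems; COMPUTER security; COMPUTER industry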

Abstract: In this article we discuss the design and implementation of a real-time parallel anomaly detection system. The key idea is to use multiple existing anomaly detection algorithms in parallel on thousands of network traffic subclasses, which not only enables us to detect hidden anomalies but also to increase the accuracy of the system. The main challenge then is the management and aggregation of the vast amount of data generated. We propose a novel aggregation process that uses the internal continuous anomaly metrics used by the algorithms to output a single system-wide anomaly metric. The evaluation on real-world attack traces shows a lower false positive rate and false negative rate than any individual anomaly detection algorithm.
