An improvement of the state-of-the-art covariance-based methods for statistical anomaly detection algorithms

  • Original Paper
Signal, Image and Video Processing

Abstract

This paper presents a possible improvement to one of the main statistical anomaly detection algorithms for cyber security applications, i.e., the covariance-based method. This algorithm employs covariance matrices to build a norm profile of the normal network traffic and to detect anomalous activities in the data flow. To improve the detection capabilities of this algorithm, we propose a modified version of the statistical decision rule based on a generalized version of the Chebyshev inequality for random vectors. The performance of the proposed algorithm is evaluated and compared, in terms of ROC (receiver operating characteristic) curves, with that of the state-of-the-art covariance-based algorithm.

Author information

Corresponding author

Correspondence to Stefano Fortunati.

Additional information

The work of S. Fortunati has been supported by SESM-Finmeccanica and Selex ES.

Cite this article

Fortunati, S., Gini, F., Greco, M.S. et al. An improvement of the state-of-the-art covariance-based methods for statistical anomaly detection algorithms. SIViP 10, 687–694 (2016). https://doi.org/10.1007/s11760-015-0796-y

  • DOI: https://doi.org/10.1007/s11760-015-0796-y
