Title

Improving Accuracy and Automation of Anomaly Detectors Based on Self-Correlation

DOI

10.6138/JIT.2016.17.1.20130618

Authors

Li-Ming Zheng; Jian-Cheng Li; Hong-Yi Wang; Xiang-Hua Zeng

Keywords

Anomaly detection; Accuracy improvement; Correlation analysis; Automation

Journal

網際網路技術學刊

Volume/Issue (publication date)

Vol. 17, No. 1 (2016/01/01)

Pages

39 - 51

Language

English

English abstract

Anomaly detectors (ADs) are extremely effective at finding "zero-day" attacks, so anomaly detection has become an important area for both academic researchers and commercial interests. While ADs are attractive conceptually, they suffer from low accuracy and poor adaptability. In this paper, an algorithm that improves the accuracy and automation of ADs based on self-correlation analysis is proposed and can be applied to any given AD. We first perform statistical and information-theoretic analyses of ADs' anomaly scores, which reveal a consistent self-correlation characteristic during benign and abnormal periods, considered separately. We found that anomaly scores during benign periods can be modeled as a stochastic process, which supports the automation improvement, and that anomaly scores during abnormal periods can be modeled as another stochastic process. We therefore model anomaly scores as a random walk on one of two stochastic processes, corresponding respectively to benign and malicious traffic patterns. A multi-window correlation algorithm based on threshold random walk is proposed to improve both accuracy and automation. The proposed accurate and adaptive algorithm is incorporated into five prominent ADs, and these accurate and adaptive ADs are evaluated on public and real-world traffic traces. We show that, while reducing the need for manual parameter configuration and keeping complexity low, the proposed algorithm enables the ADs to achieve considerably higher accuracy.

Subject classification: Basic and Applied Sciences > Information Science