Home // INTERNET 2014, The Sixth International Conference on Evolving Internet // View article

A New Approach to Anomaly Detection based on Possibility Distributions

Authors:
Joseph Ndong

Keywords: Anomaly detection, GMM, probability-possibility theory, subspace identification, PCA, Kalman filter

Abstract:
This paper presents a new approach for anomaly detection based on possibility theory for normal behavioral modeling. Combining subspace identification algorithms and Kalman filtering techniques could be a good basis to find a suitable model to build a decision variable where, a new decision process can be applied to identify anomalous events. A robust final decision scheme can be built, by means of possibility distributions to find the abnormal space where anomalies happen. Our system uses a calibrated state space dynamical linear model where the model's parameters are found by the principal component analysis framework. The multidimensional Kalman innovation process is used to build the unidimensional decision variable. Thereafter this variable is clustered and possibility distributions are used to separate the clusters into normal and abnormal spaces when anomalies happen. We had studied the false alarm rate {em vs.} detection rate trade-off by means of the Receiver Operating Characteristic curve to show the high performance obtained via this new methodology against other approaches. We validate the approach over different realistic network traffic.

Pages: 1 to 8

Copyright: Copyright (c) IARIA, 2014

Publication date: June 22, 2014

Published in: conference

ISSN: 2308-443X

ISBN: 978-1-61208-349-0

Location: Seville, Spain

Dates: from June 22, 2014 to June 26, 2014