A divergence-measure based classification method for detecting anomalies in network traffic

Kiran S. Balagani, Vir V. Phoha, Gopi K. Kuchimanchi

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

2 Scopus citations

Abstract

We present 'D-CAD,' a novel divergence-measure based classification method for anomaly detection in network traffic. The D-CAD method identifies anomalies by performing classification on features drawn from software sensors that monitor network traffic. We compare the performance of the D-CAD method with two classifier based anomaly detection methods implemented using supervised Bayesian estimation and supervised maximum-likelihood estimation. Results show that the area under receiver operating characteristic curve (AUC) of the D-CAD method is as high as 0.9524, compared to an AUC value of 0.9102 of the supervised maximum-likelihood estimation based anomaly detection method and to an AUC value of 0.8887 of the supervised Bayesian estimation based anomaly detection method.

Original language: English (US)
Title of host publication: 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07
Pages: 374-379
Number of pages: 6
State: Published - Oct 1 2007
Externally published: Yes
Event: 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07 - London, United Kingdom
Duration: Apr 15 2007 to Apr 17 2007

Publication series

Name: 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07

Other

Other: 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07
Country: United Kingdom
City: London
Period: 4/15/07 to 4/17/07

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering


Cite this

Balagani, K. S., Phoha, V. V., & Kuchimanchi, G. K. (2007). A divergence-measure based classification method for detecting anomalies in network traffic. In 2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07 (pp. 374-379). [4239021] (2007 IEEE International Conference on Networking, Sensing and Control, ICNSC'07). https://doi.org/10.1109/ICNSC.2007.372808