TY - JOUR
T1 - An improvement of the state-of-the-art covariance-based methods for statistical anomaly detection algorithms
AU - Fortunati, Stefano
AU - Gini, Fulvio
AU - Greco, Maria S.
AU - Farina, Alfonso
AU - Graziano, Antonio
AU - Giompapa, Sofia
N1 - Publisher Copyright:
© 2015, Springer-Verlag London.
PY - 2016/4/1
Y1 - 2016/4/1
N2 - This paper presents a possible improvement to one of the main statistical anomaly detection algorithms for cyber security applications, i.e., the covariance-based method. This algorithm employs covariance matrices to build a norm profile of the normal network traffic and to detect anomalous activities in the data flow. In order to improve the detection capabilities of this algorithm, we propose a modified version of the statistical decision rule based on a generalized version of the Chebyshev inequality for random vectors. The performance of the proposed algorithm is evaluated and compared, in terms of ROC (receiver operating characteristic) curves, with the ones of the state-of-the-art covariance-based algorithm.
AB - This paper presents a possible improvement to one of the main statistical anomaly detection algorithms for cyber security applications, i.e., the covariance-based method. This algorithm employs covariance matrices to build a norm profile of the normal network traffic and to detect anomalous activities in the data flow. In order to improve the detection capabilities of this algorithm, we propose a modified version of the statistical decision rule based on a generalized version of the Chebyshev inequality for random vectors. The performance of the proposed algorithm is evaluated and compared, in terms of ROC (receiver operating characteristic) curves, with the ones of the state-of-the-art covariance-based algorithm.
KW - Covariance matrix
KW - Flooding attacks
KW - Intrusion detection system
KW - Statistical anomaly detection
UR - https://www.scopus.com/pages/publications/84961638002
U2 - 10.1007/s11760-015-0796-y
DO - 10.1007/s11760-015-0796-y
M3 - Article
AN - SCOPUS:84961638002
SN - 1863-1703
VL - 10
SP - 687
EP - 694
JO - Signal, Image and Video Processing
JF - Signal, Image and Video Processing
IS - 4
ER -