Statistical anomaly detection (SAD) is an important component of securing modern networks facing constantly changing threats. This dissertation focuses on solving several existing problems of SAD in network security: i) performing anomaly detection in a distributed, low-cost manner; ii) analyzing the relationship between training sample size and anomaly detection accuracy; iii) applying SAD to detect malware on IoT devices; iv) applying SAD, with a performance analysis, to detect denial-of-service (DoS) attacks in wireless networks. First, we consider SAD where network data is collected and stored in geographically distributed locations. In the distributed scenario, transmitting raw data to a central server causes large communication overheads when the dimension and size of the data are high. Our work considers distributed principal component analysis (PCA) based SAD algorithms which maintain a high level of accuracy in estimating the global principal subspace from several leading local singular values and singular vectors, with a significant reduction in the volume of data exchanged. Next, the relationship between the training sample size and the detection accuracy of PCA-based SAD is addressed. We show that under a Gaussianity assumption, the discrepancy between the true principal subspace and the sample principal subspace can be upper bounded by a function in inverse proportion to the square root of the sample size and the covariance matrix's eigengap. We also present a saddlepoint approximation to the false alarm rate of the PCA-based SAD. SAD algorithms may be used to detect malware on IoT-related devices, such as home routers and intelligent virtual assistants. Malware-infected devices may behave abnormally and thus produce unusual system call traces. We apply several different SAD algorithms to system-call frequency features to detect malware infection of IoT devices.
Finally, we employ PCA and a Markov-chain-based SAD to detect reactive jamming attacks in wireless networks. For detecting stealthy reactive jamming attacks, we propose two variants of PCA-based SAD algorithms that achieve higher detection accuracy, and a target attribution algorithm that identifies the node under attack. For detecting the random reactive jammer (RRJ), we propose a novel reactive jamming detector and a mathematical model for an intelligent RRJ based on a Markov chain model of the carrier sense multiple access (CSMA) mechanism of wireless networks.
Details
Title
Performance analysis of statistical anomaly detection algorithms
Creators
Ni An - DU
Contributors
Steven P. Weber (Advisor) - Drexel University (1970-)
Awarding Institution
Drexel University
Degree Awarded
Doctor of Philosophy (Ph.D.)
Publisher
Drexel University; Philadelphia, Pennsylvania
Number of pages
xiii, 135 pages
Resource Type
Dissertation
Language
English
Academic Unit
Electrical and Computer Engineering; College of Engineering; Drexel University
Other Identifier
8176; 991014632527804721