Using Sub-optimal Kalman Filtering for Anomaly Detection in Networks
| Main Author: | Ndong, Joseph; Department of Mathematics and Computer Science, University Cheikh Anta Diop of Dakar |
|---|---|
| Format: | Article info eJournal |
| Bahasa: | eng |
| Terbitan: |
IAES Indonesia Section
, 2014
|
| Subjects: | |
| Online Access: |
http://journal.portalgaruda.org/index.php/EECSI/article/view/393 http://journal.portalgaruda.org/index.php/EECSI/article/view/393/255 |
Daftar Isi:
- Possibility theory can be used as a suitable frameworkto build a normal behavioral model for an anomaly detector.Based on linear and/or nonlinear systems, sub-optimal filteringapproaches based on the Extended Kalman Filter and the UnscentedKalman Filter are calibrated for entropy reduction andcould be a good basis to find a suitable model to build a decisionvariable where, a decision process can be applied to identifyanomalous events. Sophisticated fuzzy clustering algorithms canbe used to find a set of clusters built on the decision variable,where anomalies might happen inside a few of them. To achievean efficient detection step, a robust decision scheme is built, bymeans of possibility distributions, to separate the clusters intonormal and abnormal spaces. We had studied the false alarmrate vs. detection rate trade-off by means of ROC (ReceiverOperating Characteristic) curves to show the results. We validatethe approach over different realistic network traffic.