P3CA: Private anomaly detection across ISP networks

Shishir Nagaraja, Virajith Jalaparti, Matthew Caesar, Nikita Borisov

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Detection of malicious traffic in the Internet would be much easier if ISP networks shared their traffic traces. Unfortunately, state-of-the-art anomaly detection algorithms require detailed traffic information which is considered extremely private by operators. To address this, we propose an algorithm that allows ISPs to cooperatively detect anomalies without requiring them to reveal private traffic information. We leverage secure multiparty computation to design a privacy-preserving variant of principal component analysis (PCA) that limits information propagation across domains. PCA is a well-proven technique for isolating anomalies on network traffic and we target a design that retains its scalability and accuracy. To validate our approach, we evaluate an implementation of our design against traces from the Abilene Internet2 IP backbone network as well as synthetic traces, show that it performs efficiently to support an online anomaly detection system and and conclude that privacy-preserving anomaly detection shows promise as a key element of a wider network anomaly detection framework. In the presence of increasingly serious threats from modern networked malware, our work provides a first step towards enabling larger-scale cooperation across ISPs in the presence of privacy concerns.

Original languageEnglish (US)
Title of host publicationPrivacy Enhancing Technologies - 11th International Symposium, PETS 2011, Proceedings
Number of pages19
ISBN (Print)9783642222627
StatePublished - 2011

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6794 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'P3CA: Private anomaly detection across ISP networks'. Together they form a unique fingerprint.

Cite this