TY - GEN
T1 - P3CA
T2 - Private anomaly detection across ISP networks
AU - Nagaraja, Shishir
AU - Jalaparti, Virajith
AU - Caesar, Matthew
AU - Borisov, Nikita
N1 - Funding Information:
This research was supported in part by the National Science Foundation grants: CNS 08–31488 and CNS 10–53781 and the IBM X10 innovation award.
PY - 2011
Y1 - 2011
N2 - Detection of malicious traffic in the Internet would be much easier if ISP networks shared their traffic traces. Unfortunately, state-of-the-art anomaly detection algorithms require detailed traffic information which is considered extremely private by operators. To address this, we propose an algorithm that allows ISPs to cooperatively detect anomalies without requiring them to reveal private traffic information. We leverage secure multiparty computation to design a privacy-preserving variant of principal component analysis (PCA) that limits information propagation across domains. PCA is a well-proven technique for isolating anomalies on network traffic and we target a design that retains its scalability and accuracy. To validate our approach, we evaluate an implementation of our design against traces from the Abilene Internet2 IP backbone network as well as synthetic traces, show that it performs efficiently to support an online anomaly detection system and conclude that privacy-preserving anomaly detection shows promise as a key element of a wider network anomaly detection framework. In the presence of increasingly serious threats from modern networked malware, our work provides a first step towards enabling larger-scale cooperation across ISPs in the presence of privacy concerns.
AB - Detection of malicious traffic in the Internet would be much easier if ISP networks shared their traffic traces. Unfortunately, state-of-the-art anomaly detection algorithms require detailed traffic information which is considered extremely private by operators. To address this, we propose an algorithm that allows ISPs to cooperatively detect anomalies without requiring them to reveal private traffic information. We leverage secure multiparty computation to design a privacy-preserving variant of principal component analysis (PCA) that limits information propagation across domains. PCA is a well-proven technique for isolating anomalies on network traffic and we target a design that retains its scalability and accuracy. To validate our approach, we evaluate an implementation of our design against traces from the Abilene Internet2 IP backbone network as well as synthetic traces, show that it performs efficiently to support an online anomaly detection system and conclude that privacy-preserving anomaly detection shows promise as a key element of a wider network anomaly detection framework. In the presence of increasingly serious threats from modern networked malware, our work provides a first step towards enabling larger-scale cooperation across ISPs in the presence of privacy concerns.
UR - http://www.scopus.com/inward/record.url?scp=79961184278&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79961184278&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-22263-4_3
DO - 10.1007/978-3-642-22263-4_3
M3 - Conference contribution
AN - SCOPUS:79961184278
SN - 9783642222627
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 38
EP - 56
BT - Privacy Enhancing Technologies - 11th International Symposium, PETS 2011, Proceedings
PB - Springer
ER -