Principled Sampling for Anomaly Detection

4 years 9 months ago
Principled Sampling for Anomaly Detection
Abstract—Anomaly detection plays an important role in protecting computer systems from unforeseen attack by automatically recognizing and filter atypical inputs. However, it can be difficult to balance the sensitivity of a detector – an aggressive system can filter too many benign inputs while a conservative system can fail to catch anomalies. Accordingly, it is important to rigorously test anomaly detectors to evaluate potential error rates before deployment. However, principled systems for doing so have not been studied – testing is typically ad hoc, making it difficult to reproduce results or formally compare detectors. To address this issue we present a technique and implemented system, Fortuna, for obtaining probabilistic bounds on false positive rates for anomaly detectors that process Internet data. Using a probability distribution based on PageRank and an efficient algorithm to draw samples from the distribution, Fortuna computes an estimated false positive rate and ...
Brendan Juba, Christopher Musco, Fan Long, Stelios
Added 15 Apr 2016
Updated 15 Apr 2016
Type Journal
Year 2015
Where NDSS
Authors Brendan Juba, Christopher Musco, Fan Long, Stelios Sidiroglou-Douskos, Martin C. Rinard
Comments (0)