TY - JOUR
T1 - Outlier Dirichlet Mixture Mechanism
T2 - Adversarial Statistical Learning for Anomaly Detection in the Fog
AU - Moustafa, Nour
AU - Choo, Kim Kwang Raymond
AU - Radwan, Ibrahim
AU - Camtepe, Seyit
N1 - Publisher Copyright:
© 2005-2012 IEEE.
PY - 2019/8
Y1 - 2019/8
N2 - Current anomaly detection systems (ADSs) apply statistical and machine learning algorithms to discover zero-day attacks, but such algorithms are vulnerable to advanced persistent threat actors. In this paper, we propose an adversarial statistical learning mechanism for anomaly detection, outlier Dirichlet mixture-based ADS (ODM-ADS), which has three new capabilities. First, it can self-adapt against data poisoning attacks that inject malicious instances in the training phase for disrupting the learning process. Second, it establishes a statistical legitimate profile and considers variations from the baseline of the profile as anomalies using a proposed outlier function. Third, to deal with dynamic and large-scale networks such as Internet of Things and cloud and fog computing, we suggest a framework for deploying the mechanism as Software as a Service in the fog nodes. The fog enables the proposed mechanism to concurrently process streaming data at the edge of the network. The ODM-ADS mechanism is evaluated using both NSL-KDD and UNSW-NB15 datasets, whose findings indicate that ODM-ADS outperforms seven other peer algorithms in terms of accuracy, detection rates, false positive rates, and computational time.
KW - Adversarial statistical/machine learning
KW - Dirichlet mixture model
KW - anomaly detection
KW - fog computing
KW - outlier detection
UR - http://www.scopus.com/inward/record.url?scp=85065619295&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2018.2890808
DO - 10.1109/TIFS.2018.2890808
M3 - Article
SN - 1556-6013
VL - 14
SP - 1975
EP - 1987
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
IS - 8
M1 - 8600389
ER -