@inproceedings{d3d0fc872984457ea1a03e1b03fbbb6f,
title = "P3CA: private anomaly detection across ISP networks",
abstract = "Detection of malicious traffic in the Internet would be much easier if ISP networks shared their traffic traces. Unfortunately, state-of-the-art anomaly detection algorithms require detailed traffic information which is considered extremely private by operators. To address this, we propose an algorithm that allows ISPs to cooperatively detect anomalies without requiring them to reveal private traffic information. We leverage secure multiparty computation to design a privacy-preserving variant of principal component analysis (PCA) that limits information propagation across domains. PCA is a well-proven technique for isolating anomalies on network traffic and we target a design that retains its scalability and accuracy. To validate our approach, we evaluate an implementation of our design against traces from the Abilene Internet2 IP backbone network as well as synthetic traces, show that it performs efficiently to support an online anomaly detection system and and conclude that privacy-preserving anomaly detection shows promise as a key element of a wider network anomaly detection framework. In the presence of increasingly serious threats from modern networked malware, our work provides a first step towards enabling larger-scale cooperation across ISPs in the presence of privacy concerns.",
keywords = "principal component analysis, anomaly detection, privacy preserve, hHomomorphic encryption, border gateway protocol, algorithms, data privacy, financial data processing, internet protocols",
author = "Shishir Nagaraja and Virajith Jalaparti and Matthew Caesar and Nikita Borisov",
year = "2011",
month = aug,
day = "11",
doi = "10.1007/978-3-642-22263-4_3",
language = "English",
isbn = "9783642222627",
volume = "6794 ",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer",
pages = "38--56",
editor = "S. Fischer-H{\"u}bner and {Hopper }, N.",
booktitle = "Privacy Enhancing Technologies - 11th International Symposium, PETS 2011, Proceedings",
note = "11th International Symposium on Privacy Enhancing Technologies, PETS 2011 ; Conference date: 27-07-2011 Through 29-07-2011",
}