P3CA: private anomaly detection across ISP networks

Shishir Nagaraja, Virajith Jalaparti, Matthew Caesar, Nikita Borisov

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

8 Citations (Scopus)

Abstract

Detection of malicious traffic in the Internet would be much easier if ISP networks shared their traffic traces. Unfortunately, state-of-the-art anomaly detection algorithms require detailed traffic information which is considered extremely private by operators. To address this, we propose an algorithm that allows ISPs to cooperatively detect anomalies without requiring them to reveal private traffic information. We leverage secure multiparty computation to design a privacy-preserving variant of principal component analysis (PCA) that limits information propagation across domains. PCA is a well-proven technique for isolating anomalies on network traffic and we target a design that retains its scalability and accuracy. To validate our approach, we evaluate an implementation of our design against traces from the Abilene Internet2 IP backbone network as well as synthetic traces, show that it performs efficiently to support an online anomaly detection system and and conclude that privacy-preserving anomaly detection shows promise as a key element of a wider network anomaly detection framework. In the presence of increasingly serious threats from modern networked malware, our work provides a first step towards enabling larger-scale cooperation across ISPs in the presence of privacy concerns.

Original languageEnglish
Title of host publicationPrivacy Enhancing Technologies - 11th International Symposium, PETS 2011, Proceedings
EditorsS. Fischer-Hübner, N. Hopper
Place of PublicationBerlin
PublisherSpringer
Pages38-56
Number of pages19
Volume6794
ISBN (Print)9783642222627
DOIs
Publication statusPublished - 11 Aug 2011
Event11th International Symposium on Privacy Enhancing Technologies, PETS 2011 - Waterloo, ON, Canada
Duration: 27 Jul 201129 Jul 2011

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6794 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference11th International Symposium on Privacy Enhancing Technologies, PETS 2011
CountryCanada
CityWaterloo, ON
Period27/07/1129/07/11

Keywords

  • principal component analysis
  • anomaly detection
  • privacy preserve
  • hHomomorphic encryption
  • border gateway protocol
  • algorithms
  • data privacy
  • financial data processing
  • internet protocols

Fingerprint Dive into the research topics of 'P3CA: private anomaly detection across ISP networks'. Together they form a unique fingerprint.

  • Cite this

    Nagaraja, S., Jalaparti, V., Caesar, M., & Borisov, N. (2011). P3CA: private anomaly detection across ISP networks. In S. Fischer-Hübner, & N. Hopper (Eds.), Privacy Enhancing Technologies - 11th International Symposium, PETS 2011, Proceedings (Vol. 6794 , pp. 38-56). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6794 LNCS). Springer. https://doi.org/10.1007/978-3-642-22263-4_3