Adaptive Threshold Selection for Trust-Based Detection Systems

Document Type

Conference Proceeding

Date of Original Version



Data analysis of complex behaviors, intrusion attacks and system failures inherent in the Information Technology systems became one of the key strategies for ensuring the security of cyber assets. Data-driven anomaly detection methods can offer an appealing alternative to existing signature-based intrusion detection systems by capturing known and previously unseen attacks. In this paper, we try to develop efficient rules that distinguish between normal and abnormal behavior in a given period and over time that can also adapt to relational and dynamic changes in cyber environment. Specifically, we represent the network flow data as a bipartite graph and then adopt an outlier detection approach for heavy-Tailed distributions to develop an adaptive threshold method for node behavior characterization. Further, we introduce a trust management scheme for aggregation of node behaviors over time and evaluation of overall node 'trustworthiness' over full time period. Using the data collected by European Internet Service Provider, we demonstrate superior performance of the proposed adaptive threshold selection method for Trust-based detection systems. Overall, the proposed framework can adjust to changing conditions of the system and can be used for detection of anomalous node behaviors in real-Time.

Publication Title

IEEE International Conference on Data Mining Workshops, ICDMW