An improvement of the state-of-the-art covariance-based methods for statistical anomaly detection algorithms

Abstract

This paper presents a possible improvement to one of the main statistical anomaly detection algorithms for cyber security applications, i.e., the covariance-based method. This algorithm employs covariance matrices to build a norm profile of the normal network traffic and to detect anomalous activities in the data flow. In order to improve the detection capabilities of this algorithm, we propose a modified version of the statistical decision rule based on a generalized version of the Chebyshev inequality for random vectors. The performance of the proposed algorithm is evaluated and compared, in terms of ROC (receiver operating characteristic) curves with the ones of the state-of-the-art covariance-based algorithm.