P3CA: Private Anomaly Detection Across ISP Networks
Detection of malicious traffic in the Internet would be much easier if ISP networks shared their traffic traces. Unfortunately, state-of-the-art anomaly detection algorithms require detailed traffic information which is considered extremely private by operators. To address this, the authors propose an algorithm that allows ISPs to cooperatively detect anomalies without requiring them to reveal private traffic information. They leverage secure multiparty computation to design a privacy-preserving variant of Principal Component Analysis (PCA) that limits information propagation across domains. PCA is a well-proven technique for isolating anomalies on network traffic and they target a design that retains its scalability and accuracy.