A Taxonomy and Comparative Evaluation of Algorithms for Parallel Anomaly Detection
Anomaly detection in network traffic is an important technique for identifying operation and security problems in networks. Numerous anomaly detection algorithms have been proposed and deployed in practice. The recent availability of high-performance embedded processors in network systems has made it possible to implement these algorithms to monitor traffic in real-time. Since it is unlikely that any single anomaly detection technique will ever be sufficient, the authors propose the use of multiple existing anomaly detection algorithms in parallel. In this paper, they develop a method of combining different classes of anomaly detection algorithms and address the question of which combination of existing anomaly detection algorithms achieves the best detection accuracy.