Fates: A Granular Approach to Real-Time Anomaly Detection
Source: University of South Carolina
Anomaly-based intrusion detection systems can detect novel attacks, but in real-time detection they face two challenges: they produce many false alarms, and their computationally demanding algorithms fail to keep up with the high speed of modern networks. In this paper, the authors present Fates, an anomaly-based NIDS designed to alleviate these two challenges. Fates views the monitored network as a collection of individual hosts instead of as a single autonomous entity and uses a dynamic, individual threshold for each monitored host, so that it can differentiate between the characteristics of individual hosts and independently assess their threat to the network.
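To make the per-host threshold idea concrete, the following added example (not code from the paper, and not the Fates algorithm itself) compares one network-wide limit with an individual, adaptive threshold per host. The EWMA baseline, the tuning constants, the host addresses and the traffic counts are all assumptions constructed for illustration.

```python
from collections import defaultdict

ALPHA, K, WARMUP, MIN_DEV = 0.2, 4.0, 3, 1.0  # assumed tuning values, not from the paper

class HostProfile:
    """Running baseline for one host (EWMA mean and mean absolute deviation)."""
    def __init__(self):
        self.n, self.mean, self.dev = 0, 0.0, 0.0

    def threshold(self):
        # MIN_DEV keeps a very steady host from getting a zero-width band.
        return self.mean + K * max(self.dev, MIN_DEV)

    def observe(self, value):
        """Score value against this host's own threshold, then update the baseline."""
        anomalous = self.n >= WARMUP and value > self.threshold()
        if self.n == 0:
            self.mean = float(value)
        elif not anomalous:  # keep anomalous samples out of the baseline
            self.dev = (1 - ALPHA) * self.dev + ALPHA * abs(value - self.mean)
            self.mean = (1 - ALPHA) * self.mean + ALPHA * value
        self.n += 1
        return anomalous

def per_host_alerts(events):
    """Each host is judged only against its own learned behaviour."""
    profiles, alerts = defaultdict(HostProfile), []
    for i, (host, count) in enumerate(events):
        if profiles[host].observe(count):
            alerts.append((i, host, count))
    return alerts

def global_alerts(events, limit):
    """Baseline for comparison: one static limit for the whole network."""
    return [(i, h, c) for i, (h, c) in enumerate(events) if c > limit]

# Constructed sample: (host, connections per interval). A busy server and a
# quiet workstation that bursts to 120 connections in one interval.
SERVER, WORKSTATION = "10.0.0.5", "10.0.0.23"
SAMPLE = [(SERVER, 1000), (WORKSTATION, 5), (SERVER, 950), (WORKSTATION, 7),
          (SERVER, 1050), (WORKSTATION, 4), (SERVER, 980), (WORKSTATION, 6),
          (SERVER, 1020), (WORKSTATION, 120), (SERVER, 990), (WORKSTATION, 5)]

if __name__ == "__main__":
    print("global limit 500:", global_alerts(SAMPLE, 500))
    print("per-host        :", per_host_alerts(SAMPLE))
```

On this sample the network-wide limit alerts on every interval of normal server traffic and never on the workstation, while the per-host profiles raise a single alert for the workstation's burst.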