Abstract
Current anomaly detection systems (ADSs) apply statistical and machine learning algorithms to discover zero-day attacks, but such algorithms are vulnerable to advanced persistent threat actors. In this paper, we propose an adversarial statistical learning mechanism for anomaly detection, outlier Dirichlet mixture-based ADS (ODM-ADS), which has three new capabilities. First, it can self-adapt against data poisoning attacks that inject malicious instances in the training phase to disrupt the learning process. Second, it establishes a statistical legitimate profile and considers variations from the baseline of the profile as anomalies using a proposed outlier function. Third, to deal with dynamic and large-scale networks such as Internet of Things and cloud and fog computing, we suggest a framework for deploying the mechanism as Software as a Service in the fog nodes. The fog enables the proposed mechanism to concurrently process streaming data at the edge of the network. The ODM-ADS mechanism is evaluated using both the NSL-KDD and UNSW-NB15 datasets, and the findings indicate that ODM-ADS outperforms seven other peer algorithms in terms of accuracy, detection rates, false positive rates, and computational time.
Cite
Moustafa, N., Choo, K. K. R., Radwan, I., & Camtepe, S. (2019). Outlier Dirichlet Mixture Mechanism: Adversarial Statistical Learning for Anomaly Detection in the Fog. IEEE Transactions on Information Forensics and Security, 14(8), 1975–1987. https://doi.org/10.1109/TIFS.2018.2890808