Context-aware security framework based on Traffic Anomaly Detection Indicator

Context-aware security utilizes external data, such as time of the day or user information, to improve its capability of detecting a security breach. In this paper we present a Context-aware security framework based on a Traffic Anomaly Detection Indicator (TADI) which indicates when a threat can occur. The main novelty of our approach is that we use as a context the time-based information derived from profile analysis of a typical day to determine more accurately the presence of an anomaly based on the time of day it occurs. This 24-h typical daily analysis helps us to consider the time interval (night-time, working hours, etc.) in which a potential threat occurs, in contrast to traditional sudden peak changes. First, a preliminary analysis based on historical data shows how traffic typically behaves at each particular period of the day. We subsequently calibrate our procedure by checking the effectiveness of different algorithms so that we are aware of which ones gets better performance in each period of the day. Finally the TADI is calculated from the time-based contextual information. We also present the results based on actual traffic traces collected from a campus university that show the effectiveness of the proposed method.