The role of KL divergence in anomaly detection
L Zhang, D Veitch, K Ramamohanarao
Proceedings of the ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems | Published : 2011
We study the role of Kullback-Leibler divergence in the framework of anomaly detection, where its abilities as a statistic underlying detection have never been investigated in depth. We give an in-principle analysis of network attack detection, showing explicitly attacks may be masked at minimal cost through 'camouflage'. We illustrate on both synthetic distributions and ones taken from real traffic.