Towards Adaptive Anomaly Detection in Cellular Mobile Networks

Location information is an important feature of users' mobility profile in cellular mobile networks. In this paper, continuing our existing work on constructing a mobility-based anomaly detection scheme, we further address a challenging problem - how to adaptively adjust the detection threshold of Intrusion Detection Systems (IDSs) in the context of cellular mobile networks. This is especially critical when we consider the different mobility patterns demonstrated by the mobile users. Utilizing a high order Markov model, we apply a weighted blending scheme to compute the entropy of our Exponentially Weighted Moving Average (EWMA) based mobility trie. This reflection of the uncertainness of the users' normal profile could help us adaptively adjust the detection threshold of our anomaly detection algorithm. Simulation results show that our proposed adaptive mechanisms can further reduce the false positive rate without decreasing the detection rate. Detailed analysis of the simulation results is also provided.