nach oben

Erschienen in:

02.07.2018

A comprehensive survey on network anomaly detection

verfasst von: Gilberto Fernandes Jr., Joel J. P. C. Rodrigues, Luiz Fernando Carvalho, Jalal F. Al-Muhtadi, Mario Lemes Proença Jr.

Erschienen in: Telecommunication Systems | Ausgabe 3/2019

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Nowadays, there is a huge and growing concern about security in information and communication technology among the scientific community because any attack or anomaly in the network can greatly affect many domains such as national security, private data storage, social welfare, economic issues, and so on. Therefore, the anomaly detection domain is a broad research area, and many different techniques and approaches for this purpose have emerged through the years. In this study, the main objective is to review the most important aspects pertaining to anomaly detection, covering an overview of a background analysis as well as a core study on the most relevant techniques, methods, and systems within the area. Therefore, in order to ease the understanding of this survey’s structure, the anomaly detection domain was reviewed under five dimensions: (1) network traffic anomalies, (2) network data types, (3) intrusion detection systems categories, (4) detection methods and systems, and (5) open issues. The paper concludes with an open issues summary discussing presently unsolved problems, and final remarks.

Vorheriger Artikel Coded cooperative spatial modulation based on multi-level construction of polar code

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Hashim, F., Munasinghe, K. S., & Jamalipour, A. (2010). Biologically inspired anomaly detection and security control frameworks for complex heterogeneous networks. IEEE Transactions on Network and Service Management, 7, 268–281. https://doi.org/10.1109/TNSM.2010.1012.0360.CrossRef

Xiao, X., Zhang, S., Mercaldo, F., Hu, G., & Sangaiah, A. K. (2017). Android malware detection based on system call sequences and LSTM. Multimedia Tools and Applications. https://doi.org/10.1007/s11042-017-5104-0.

Balakrishnan, S. M., & Sangaiah, A. K. (2017). MIFIM—Middleware solution for service centric anomaly in future internet models. Future Generation Computer Systems, 74, 349–365. https://doi.org/10.1016/j.future.2016.08.006.CrossRef

Carvalho, L. F., Abrão, T., Mendes, L. S., & Proença, M. L. (2018). An ecosystem for anomaly detection and mitigation in software-defined networking. Expert Systems with Applications, 104, 121–133. https://doi.org/10.1016/J.ESWA.2018.03.027.CrossRef

Lu, S., Wang, X., & Mao, L. (2014). Network security situation awareness based on network simulation. In 2014 IEEE workshop on electronics, computer and applications (pp. 512–517). https://doi.org/10.1109/IWECA.2014.6845671.

Hosseini Bamakan, S. M., Wang, H., & Shi, Y. (2017). Ramp loss K-support vector classification-regression: A robust and sparse multi-class approach to the intrusion detection problem. Knowledge-Based Systems, 126, 113–126. https://doi.org/10.1016/j.knosys.2017.03.012.CrossRef

Lof, A., & Nelson, R. (2014). Annotating network trace data for anomaly detection research. In 2014 IEEE 39th conference on local computer networks workshops (LCN workshops) (pp. 679–684). https://doi.org/10.1109/LCNW.2014.6927720.

Barnett, V., & Lewis, T. (1994). Outliers in statistical data (3rd ed.). New York: Wiley.

Chandola, V., Banerjee, A., & Kumar, V. (2009). Anomaly detection: A survey. ACM Computing Surveys, 41, 1–58. https://doi.org/10.1145/1541880.1541882.CrossRef

10.

Lakhina, A., Crovella, M., & Diot, C. (2004). Diagnosing network-wide traffic anomalies. In ACM SIGCOMM computer communication review (Vol. 34, p. 219). https://doi.org/10.1145/1030194.1015492.

11.

Hoque, N., Bhuyan, M. H., Baishya, R. C., Bhattacharyya, D. K., & Kalita, J. K. (2014). Network attacks: Taxonomy, tools and systems. Journal of Network and Computer Applications, 40, 307–324. https://doi.org/10.1016/j.jnca.2013.08.001.CrossRef

12.

Thottan, M., Liu, G., & Ji, C. (2010). Anomaly detection approaches for communication networks. In G. Cormode & M. Thottan (Eds.), Algorithms for next generation networks (pp. 239–261). London: Springer. https://doi.org/10.1007/978-1-84882-765-3_11.CrossRef

13.

Patcha, A., & Park, J.-M. (2007). An overview of anomaly detection techniques: Existing solutions and latest technological trends. Computer Networks, 51, 3448–3470. https://doi.org/10.1016/j.comnet.2007.02.001.CrossRef

14.

Yu, Y. (2012). A survey of anomaly intrusion detection techniques. Journal of Computing Sciences in Colleges, 28, 9–17.

15.

Weiyu, Z., Qingbo, Y., & Yushui, G. (2009). A survey of anomaly detection methods in networks. In International symposium on computer network and multimedia technology, 2009. CNMT 2009 (pp. 1–3). https://doi.org/10.1109/CNMT.2009.5374676.

16.

Marnerides, A. K., Schaeffer-Filho, A., & Mauthe, A. (2014). Traffic anomaly diagnosis in Internet backbone networks: A survey. Computer Networks, 73, 224–243. https://doi.org/10.1016/j.comnet.2014.08.007.CrossRef

17.

Bhuyan, M. H., Bhattacharyya, D. K., & Kalita, J. K. (2014). Network anomaly detection: Methods, systems and tools. IEEE Communications Surveys & Tutorials, 16, 303–336. https://doi.org/10.1109/SURV.2013.052213.00046.CrossRef

18.

Ahmed, M., Naser Mahmood, A., & Hu, J. (2016). A survey of network anomaly detection techniques. Journal of Network and Computer Applications, 60, 19–31. https://doi.org/10.1016/j.jnca.2015.11.016.CrossRef

19.

Xiuyao, S., Mingxi, W., Jermaine, C., & Ranka, S. (2007). Conditional anomaly detection. IEEE Transactions on Knowledge and Data Engineering, 19, 631–644. https://doi.org/10.1109/TKDE.2007.1009.CrossRef

20.

Barford, P., Kline, J., Plonka, D., & Ron, A. (2002). A signal analysis of network traffic anomalies. In Proceedings of the 2nd ACM SIGCOMM workshop on internet measurment—IMW ’02. ACM Press, New York, NY, USA (p. 71). https://doi.org/10.1145/637201.637210.

21.

Barford, P., & Plonka, D. (2001). Characteristics of network traffic flow anomalies. Proceedings of the 1st ACM SIGCOMM workshop on internet measurement (pp. 69–73). https://doi.org/10.1145/505202.505211.

22.

Jung, J., Krishnamurthy, B., & Rabinovich, M. (2002). Flash crowds and denial of service attacks. In Proceedings of the 11th international conference on World Wide Web—WWW ’02 (p. 293). https://doi.org/10.1145/511446.511485.

23.

Pan, J., Hu, H., & Liu, Y. (2014). Human behavior during Flash Crowd in web surfing. Physica A: Statistical Mechanics and Its Applications, 413, 212–219. https://doi.org/10.1016/j.physa.2014.06.085.CrossRef

24.

Ghorbani, A. A., Lu, W., & Tavallaee, M. (2010). Network attacks. Advances in Information Security, 47, 1–25. https://doi.org/10.1007/978-0-387-88771-5_1.

25.

Mouton, F., Malan, M. M., & Venter, H. S. (2013). Social engineering from a normative ethics perspective. In Information security for South Africa, 2013 (pp. 1–8). https://doi.org/10.1109/ISSA.2013.6641064.

26.

Maxion, R. A., & Townsend, T. N. (2002). Masquerade detection using truncated command lines. In International conference on dependable systems and networks, 2002. DSN 2002. Proceedings (pp. 219–228). https://doi.org/10.1109/DSN.2002.1028903.

27.

Szor, P. (2005). The art of computer virus research and defense. Reading: Addison-Wesley.

28.

Weaver, N., Paxson, V., Staniford, S., & Cunningham, R., (2003). A taxonomy of computer worms. In Proceedings of the 2003 ACM workshop on Rapid malcode (pp. 11–18). https://doi.org/10.1145/948187.948190.

29.

Peng, T., Leckie, C., & Ramamohanarao, K. (2007). Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Computing Surveys, 39, 3. https://doi.org/10.1145/1216370.1216373.CrossRef

30.

Mohana Priya, P., Akilandeswari, V., Mercy Shalinie, S., Lavanya, V., & Shanmuga Priya, M. (2014). The protocol independent detection and classification (PIDC) system for DRDoS attack. In 2014 International conference on recent trends in information technology (ICRTIT) (pp. 1–7). IEEE. https://doi.org/10.1109/ICRTIT.2014.6996154.

31.

Muller, T., & Freiling, F. C. (2014). A systematic assessment of the security of full disk encryption. IEEE Transactions on Dependable and Secure Computing. https://doi.org/10.1109/TDSC.2014.2369041.

32.

Raza, M., & Haider, W. (2012). A survey of password attacks and comparative analysis on methods for secure authentication. World Applied Sciences Journal, 19, 439–444. https://doi.org/10.5829/idosi.wasj.2012.19.04.1837.

33.

Shimonski, R., Zenir, J., & Bishop, A. (2015). Chapter 2: Information gathering. In R. S. Z. Bishop (Ed.), Cyber Reconnaissance, surveillance and defense (pp. 45–84). Boston: Syngress. https://doi.org/10.1016/B978-0-12-801308-3.00002-0.CrossRef

34.

Harrington, D., Presuhn, R., & Wijnen, B. (2002). RFC 3411: An architecture for describing simple network management protocol (SNMP) management frameworks (pp. 1–64). https://tools.ietf.org/html/rfc3411. Accessed 23 Oct 2017.

35.

Thottan, M., & Ji, C. (2003). Anomaly detection in IP networks. IEEE Transactions on Signal Processing, 51, 2191–2204. https://doi.org/10.1109/TSP.2003.814797.CrossRef

36.

Cabrera, J. B. D., Lewis, L., Qin, X., Lee, W., Prasanth, R. K., Ravichandran, B., & Mehra, R. K. (2001). Proactive detection of distributed denial of service attacks using MIB traffic variables: A feasibility study. In 2001 IEEE/IFIP International symposium on integrated network management proceedings. VII. Integr. Manag. Strateg. New Millenn. (Cat. No. 01EX470) (pp. 609–622). IEEE. https://doi.org/10.1109/INM.2001.918069.

37.

Yu, J., Lee, H., Kim, M.-S., & Park, D. (2008). Traffic flooding attack detection with SNMP MIB using SVM. Computer Communications, 31, 4212–4219. https://doi.org/10.1016/j.comcom.2008.09.018.CrossRef

38.

Lima, M. F., Sampaio, L. D. H., Zarpelao, B. B., Rodrigues, J. J. P. C., Abrao, T., & Proenca, M. L., Jr. (2010). Networking anomaly detection using DSNs and particle swarm optimization with re-clustering. In 2010 IEEE global telecommunications conference GLOBECOM 2010 (pp. 1–6). IEEE. https://doi.org/10.1109/GLOCOM.2010.5683910.

39.

Zarpelao, B. B., Mendes, L. S., Proenca Jr., M. L., & Rodrigues, J. J. P. C. (2009). Parameterized anomaly detection system with automatic configuration. In GLOBECOM 2009—2009 IEEE global telecommunications conference (pp. 1–6). IEEE. https://doi.org/10.1109/GLOCOM.2009.5426189.

40.

Duffield, N., Haffner, P., Krishnamurthy, B., & Ringberg, H. (2009). Rule-based anomaly detection on IP flows. In IEEE INFOCOM 2009—28th Conference on Computer Communications (pp. 424–432). IEEE. https://doi.org/10.1109/INFCOM.2009.5061947.

41.

Fontugne, R., & Fukuda, K. (2011). A Hough-transform-based anomaly detector with an adaptive time interval. ACM SIGAPP Applied Computing Review, 11, 41–51. https://doi.org/10.1145/2034594.2034598.CrossRef

42.

Introduction to Cisco IOS®NetFlow (White Paper), (2012) 1–16. http://www.cisco.com/c/en/us/products/collateral/ios-nx-os software/iosnetflow/prod_white_paper0900aecd80406232.pdf. Accessed 10 Dec 2017.

43.

Claise, B. (2004). RFC 3954: Cisco systems netflow services export version 9 (pp. 1–33). https://tools.ietf.org/html/rfc3954. Accessed September 2, 2016.

44.

Trammell, B., & Claise, B. (2013). RFC 7011: Specification of the IP flow information export (IPFIX) protocol for the exchange of flow information, 1–53. 2070-1721.

45.

Chapman, C. (2016). Chapter 10: Traffic performance testing in the network. In Network performance and security (pp. 295–317). https://doi.org/10.1016/B978-0-12-803584-9.00010-X.

46.

NfSen: NetFlow sensor. (2011). http://nfsen.sourceforge.net/. Accessed September 2, 2016.

47.

nTop. (2016). http://www.ntop.org/. Accessed September 2, 2016.

48.

Panchen, S., Phaal, P., & McKee, N. (2001). RFC 3176: InMon Corporation’s sFlow: A method for monitoring traffic in switched and routed networks, 1–31. https://tools.ietf.org/html/rfc3176. Accessed September 2, 2016.

49.

Duffield, N. (2004). Sampling for passive internet measurement: A review. Statistical Science, 19, 472–498. https://doi.org/10.1214/088342304000000206.CrossRef

50.

Cisco NetFlow-Lite Solution Overview, Cisco. (2016). http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-x-series-switches/solution_overview_c22-728776.html. Accessed September 2, 2016.

51.

Deri, L., Chou, E., Cherian, Z., Karmarkar, K., & Patterson, M. (2011). Increasing data center network visibility with cisco NetFlow-Lite. In International conference on network and service management (pp. 1–6).

52.

Jadidi, Z., Muthukkumarasamy, V., Sithirasenan, E., & Singh, K. (2015). Flow-based anomaly detection in big data. In Network big data (pp. 257–279). Chapman and Hall/CRC. https://doi.org/10.1201/b18772-17.

53.

Sperotto, A., Schaffrath, G., Sadre, R., Morariu, C., Pras, A., & Stiller, B. (2010). An overview of IP flow-based intrusion detection. IEEE Communications Surveys and Tutorials, 12, 343–356. https://doi.org/10.1109/SURV.2010.032210.00054.CrossRef

54.

Winter, P., Hermann, E., & Zeilinger, M. (2011). Inductive intrusion detection in flow-based network data using one-class support vector machines. In 2011 4th IFIP international conference on new technologies, mobility and security (pp. 1–5). IEEE. https://doi.org/10.1109/NTMS.2011.5720582.

55.

Bartos, K., Rehak, M., & Krmicek, V. (2011). Optimizing flow sampling for network anomaly detection. In 2011 7th international wireless communications and mobile computing conference (pp. 1304–1309). IEEE. https://doi.org/10.1109/IWCMC.2011.5982728.

56.

Zhang, Y., Fang, B., & Luo, H. (2010). Identifying high-rate flows based on sequential sampling. IEICE Transactions on Information and Systems, E93–D, 1162–1174. https://doi.org/10.1587/transinf.E93.D.1162.CrossRef

57.

Silva, J. M. C., Carvalho, P., & Lima, S. R. (2015). Analysing traffic flows through sampling: A comparative study. In 2015 IEEE symposium on computers and communications (pp. 341–346). https://doi.org/10.1109/ISCC.2015.7405538.

58.

Kemmerer, R. A., & Vigna, G. (2002). Intrusion detection: A brief history and overview. Computer, 35, 27–30. https://doi.org/10.1109/MC.2002.1012428.CrossRef

59.

Lee, W., & Stolfo, S. (1998). Data mining approaches for intrusion detection. In Proceedings of 7th {USENIX} security symposium, USENIX Association (pp. 6–6). https://dl.acm.org/citation.cfm?id=1267555. Accessed November 1, 2017.

60.

Bul’ajoul, W., James, A., & Pannu, M. (2015). Improving network intrusion detection system performance through quality of service configuration and parallel technology. Journal of Computer and System Sciences, 81, 981–999. https://doi.org/10.1016/j.jcss.2014.12.012.CrossRef

61.

Bostani, H., & Sheikhan, M. (2017). Hybrid of anomaly-based and specification-based IDS for Internet of Things using unsupervised OPF based on MapReduce approach. Computer Communications, 98, 52–71. https://doi.org/10.1016/j.comcom.2016.12.001.CrossRef

62.

Milenkoski, A., Vieira, M., Kounev, S., Avritzer, A., & Payne, B. D. (2015). Evaluating computer intrusion detection systems: A survey of common practices. ACM Computing Surveys, 48, 1–41. https://doi.org/10.1145/2808691.CrossRef

63.

Butun, I., Morgera, S. D., & Sankar, R. (2014). A survey of intrusion detection systems in wireless sensor networks. IEEE Communications Surveys & Tutorials, 16, 266–282. https://doi.org/10.1109/SURV.2013.050113.00191.CrossRef

64.

Debar, H., Dacier, M., & Wespi, A. (1999). Towards a taxonomy of intrusion–detection systems. Computer Networks, 31, 805–822. https://doi.org/10.1016/S1389-1286(98)00017-6.CrossRef

65.

Meng Hui, L., & Jones, A. (2008). Network anomaly detection system: The state of art of network behaviour analysis. In International conference on convergence and hybrid information technology 2008. ICHIT ’08 (pp. 459–465). https://doi.org/10.1109/ICHIT.2008.249.

66.

Sobh, T. S. (2006). Wired and wireless intrusion detection system: Classifications, good characteristics and state-of-the-art. Computer Standards & Interfaces, 28, 670–694. https://doi.org/10.1016/j.csi.2005.07.002.CrossRef

67.

de Assis, M. V. O., Rodrigues, J. J. P. C., & Proença, M. L. (2014). A seven-dimensional flow analysis to help autonomous network management. Information Sciences, 278, 900–913. https://doi.org/10.1016/j.ins.2014.03.102.CrossRef

68.

Stakhanova, N., Basu, S., & Wong, J. (2010). On the symbiosis of specification-based and anomaly-based detection. Computers & Security, 29, 253–268. https://doi.org/10.1016/j.cose.2009.08.007.CrossRef

69.

Lakhina, A., Papagiannaki, K., Crovella, M., Diot, C., Kolaczyk, E. D., & Taft, N. (2004). Structural analysis of network traffic flows. ACM SIGMETRICS Performance Evaluation Review, 32, 61. https://doi.org/10.1145/1012888.1005697.CrossRef

70.

Lakhina, A., Crovella, M., & Diot, C. (2005). Mining anomalies using traffic feature distributions. ACM SIGCOMM Computer Communication Review, 35, 217. https://doi.org/10.1145/1090191.1080118.CrossRef

71.

Callegari, C., Giordano, S., Pagano, M., & Pepe, T. (2011). Combining sketches and wavelet analysis for multi time-scale network anomaly detection. Computers & Security, 30, 692–704. https://doi.org/10.1016/j.cose.2011.08.006.CrossRef

72.

Hamdi, M., & Boudriga, N. (2007). Detecting Denial-of-Service attacks using the wavelet transform. Computer Communications, 30, 3203–3213. https://doi.org/10.1016/j.comcom.2007.05.061.CrossRef

73.

Jolliffe, I. T. (2002). Principal component analysis. Berlin: Springer.

74.

Jackson, J. E. (2005). A user’s guide to principal components. New York: Wiley.

75.

Ringberg, H., Soule, A., Rexford, J., & Diot, C. (2007). Sensitivity of PCA for traffic anomaly detection. SIGMETRICS Performance Evaluation Review, 35, 109–120. https://doi.org/10.1145/1269899.1254895.CrossRef

76.

Wright, J., Ganesh, A., Rao, S., Peng, Y., & Ma, Y. (2009). Robust principal component analysis: Exact recovery of corrupted low-rank matrices via convex optimization. In Y. Bengio, D. Schuurmans, J. D. Lafferty, C. K. I. Williams, & A. Culotta (Eds.), Advances in neural information processing systems (Vol. 22, pp. 2080–2088). Curran Associates, Inc. http://papers.nips.cc/paper/3704-robust-principal-component-analysis-exact-recovery-of-corrupted-low-rank-matrices-via-convex-optimization.pdf.

77.

Candès, E. J., Li, X., Ma, Y., & Wright, J. (2011). Robust principal component analysis? Journal of the ACM, 58, 11:1–11:37. https://doi.org/10.1145/1970392.1970395.CrossRef

78.

Pascoal, C., Rosario de Oliveira, M., Valadas, R., Filzmoser, P., Salvador, P., & Pacheco, A. (2012). Robust feature selection and robust PCA for internet traffic anomaly detection. In INFOCOM, 2012 Proceedings of IEEE (pp. 1755–1763). https://doi.org/10.1109/INFCOM.2012.6195548.

79.

Kanda, Y., Fontugne, R., Fukuda, K., & Sugawara, T. (2013). ADMIRE: Anomaly detection method using entropy-based PCA with three-step sketches. Computer Communications, 36, 575–588. https://doi.org/10.1016/j.comcom.2012.12.002.CrossRef

80.

OReilly, C., Gluhak, A., & Imran, M. A. (2016). Distributed anomaly detection using minimum volume elliptical principal component analysis. IEEE Transactions on Knowledge and Data Engineering, 28, 2320–2333. https://doi.org/10.1109/TKDE.2016.2555804.CrossRef

81.

Camacho, J., Pérez-Villegas, A., García-Teodoro, P., & Maciá-Fernández, G. (2016). PCA-based multivariate statistical network monitoring for anomaly detection. Computers & Security, 59, 118–137. https://doi.org/10.1016/j.cose.2016.02.008.CrossRef

82.

Fernandes, G., Carvalho, L. F., Rodrigues, J. J. P. C., & Proença, M. L. (2016). Network anomaly detection using IP flows with principal component analysis and ant colony optimization. Journal of Network and Computer Applications, 64, 1–11. https://doi.org/10.1016/j.jnca.2015.11.024.CrossRef

83.

Fernandes, G., Rodrigues, J. J. P. C., & Proença, M. L. (2015). Autonomous profile-based anomaly detection system using principal component analysis and flow analysis. Applied Soft Computing, 34, 513–525. https://doi.org/10.1016/j.asoc.2015.05.019.CrossRef

84.

Fernandes, G., Zacaron, A. M., Rodrigues, J. J. P. C., & Proenca, M. L. (2013). Digital signature to help network management using principal component analysis and K-means clustering. In 2013 IEEE international conference on communications (pp. 2519–2523). IEEE. https://doi.org/10.1109/ICC.2013.6654912.

85.

Yeung, D. S., Shuyuan, J., & Xizhao, W. (2007). Covariance-matrix modeling and detecting various flooding attacks. IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans, 37, 157–169. https://doi.org/10.1109/TSMCA.2006.889480.CrossRef

86.

Xie, M., Hu, J., & Guo, S. (2015). Segment-based anomaly detection with approximated sample covariance matrix in wireless sensor networks. IEEE Transactions on Parallel and Distributed Systems, 26, 574–583. https://doi.org/10.1109/TPDS.2014.2308198.CrossRef

87.

Huang, T., Sethu, H., & Kandasamy, N. (2016). A new approach to dimensionality reduction for anomaly detection in data traffic. IEEE Transactions on Network and Service Management, 13, 651–665. https://doi.org/10.1109/TNSM.2016.2597125.CrossRef

88.

Kalkan, K., & Alagöz, F. (2016). A distributed filtering mechanism against DDoS attacks: ScoreForCore. Computer Networks, 108, 199–209. https://doi.org/10.1016/j.comnet.2016.08.023.CrossRef

89.

Ozkan, H., Ozkan, F., & Kozat, S. S. (2016). Online anomaly detection under Markov statistics with controllable type-I error. IEEE Transactions on Signal Processing, 64, 1435–1445. https://doi.org/10.1109/TSP.2015.2504345.CrossRef

90.

Proença, M. L., Coppelmans, C., Bottoli, M., Alberti, A., & Mendes, L. S. (2004). The hurst parameter for digital signature of network segment. In J. N. de Souza, P. Dini, & P. Lorenz (Eds.), Telecommunications and networking—ICT 2004 11th international conference on telecommunications, Fortaleza, Brazil, August 1–6, 2004. Proceedings (pp. 772–781). Berlin: Springer. https://doi.org/10.1007/978-3-540-27824-5_103.

91.

Pena, E. H. M., Carvalho, L. F., Barbon, S, Jr., Rodrigues, J. J. P. C., & Proença, M. L, Jr. (2017). Anomaly detection using the correlational paraconsistent machine with digital signatures of network segment. Information Sciences, 420, 313–328. https://doi.org/10.1016/j.ins.2017.08.074.CrossRef

92.

Pena, E. H. M., Carvalho, L. F., Barbon, S., Rodrigues, J. J. P. C., & Proenca, M. L. (2014). Correlational paraconsistent machine for anomaly detection. In 2014 IEEE global communications conference (pp. 551–556). IEEE. https://doi.org/10.1109/GLOCOM.2014.7036865.

93.

Bang, J., Cho, Y.-J., & Kang, K. (2017). Anomaly detection of network-initiated LTE signaling traffic in wireless sensor and actuator networks based on a Hidden semi-Markov Model. Computers & Security, 65, 108–120. https://doi.org/10.1016/j.cose.2016.11.008.CrossRef

94.

Ren, H., Ye, Z., & Li, Z. (2017). Anomaly detection based on a dynamic Markov model. Computers & Security. https://doi.org/10.1016/j.ins.2017.05.021.

95.

Jazi, H. H., Gonzalez, H., Stakhanova, N., & Ghorbani, A. A. (2017). Detecting HTTP-based application layer DoS attacks on web servers in the presence of sampling. Computer Networks, 121, 25–36. https://doi.org/10.1016/j.comnet.2017.03.018.CrossRef

96.

Han, J., Kamber, M., & Pei, J. (2012). 10: Cluster analysis: Basic concepts and methods. In J. H. Kamber, & J. Pei (Eds.), Data mininig (3d edn., pp. 443–495). Boston: Morgan Kaufmann. https://doi.org/10.1016/B978-0-12-381479-1.00010-1.

97.

Rajasegarar, S., Leckie, C., & Palaniswami, M. (2014). Hyperspherical cluster based distributed anomaly detection in wireless sensor networks. Journal of Parallel and Distributed Computing, 74, 1833–1847. https://doi.org/10.1016/j.jpdc.2013.09.005.CrossRef

98.

Mazel, J., Casas, P., Labit, Y., & Owezarski, P. (2011). Sub-space clustering, inter-clustering results association and anomaly correlation for unsupervised network anomaly detection. In CNSM ’11 Proceedings of the 7th international conference on network and services management (pp. 73–80). http://dl.acm.org/citation.cfm?id=2147683.

99.

Karami, A., & Guerrero-Zapata, M. A. (2015). Fuzzy anomaly detection system based on hybrid PSO-K means algorithm in content-centric networks. Neurocomputing, 149, 1253–1269. https://doi.org/10.1016/j.neucom.2014.08.070.CrossRef

100.

Carvalho, L. F., Barbon, S., Mendes, L. S., & Proença, M. L. (2016). Unsupervised learning clustering and self-organized agents applied to help network management. Expert Systems with Applications, 54, 29–47. https://doi.org/10.1016/j.eswa.2016.01.032.CrossRef

101.

Dromard, J., Roudiere, G., & Owezarski, P. (2017). Online and scalable unsupervised network anomaly detection method. IEEE Transactions on Network and Service Management, 14, 34–47. https://doi.org/10.1109/TNSM.2016.2627340.CrossRef

102.

He, D., Chan, S., Ni, X., & Guizani, M. (2017). Software-defined-networking-enabled traffic anomaly detection and mitigation. IEEE Internet of Things Journal. https://doi.org/10.1109/JIOT.2017.2694702.

103.

Bigdeli, E., Mohammadi, M., Raahemi, B., & Matwin, S. (2018). Incremental anomaly detection using two-layer cluster-based structure. Information Sciences, 429, 315–331. https://doi.org/10.1016/j.ins.2017.11.023.CrossRef

104.

Estevez-Tapiador, J. M., Garcia-Teodoro, P., & Diaz-Verdejo, J. E. (2003). Stochastic protocol modeling for anomaly based network intrusion detection. In Information assurance. 2003. IWIAS 2003. Proceedings. First IEEE international workshop on (pp. 3–12). https://doi.org/10.1109/IWIAS.2003.1192454.

105.

Su, M.-Y. (2010). Discovery and prevention of attack episodes by frequent episodes mining and finite state machines. Journal of Network and Computer Applications, 33, 156–167. https://doi.org/10.1016/j.jnca.2009.10.003.CrossRef

106.

Hammerschmidt, C., Marchal, S., State, R., Pellegrino, G., & Verwer, S., (2016). Efficient learning of communication profiles from IP flow records. In 2016 IEEE 41st conference on local computer networks (pp. 559–562). IEEE. https://doi.org/10.1109/LCN.2016.92.

107.

Duda, R. O., Hart, P. E., & Stork, D. G. (2012). Pattern classification. New York: Wiley.

108.

Klassen, M., & Ning, Y. (2012). Anomaly based intrusion detection in wireless networks using Bayesian classifier. In 2012 IEEE fifth international conference on advanced computational intelligence (ICACI) (pp. 257–264). https://doi.org/10.1109/ICACI.2012.6463163.

109.

Tao, L., Ailing, Q., Yuanbin, H., & Xintan, C. (2008). Method for network anomaly detection based on Bayesian statistical model with time slicing. In 7th world congress on intelligent control and automation, 2008. WCICA 2008 (pp. 3359–3362). https://doi.org/10.1109/WCICA.2008.4593458.

110.

Swarnkar, M., & Hubballi, N. (2016). OCPAD: One class Naive Bayes classifier for payload based anomaly detection. Expert Systems with Applications, 64, 330–339. https://doi.org/10.1016/j.eswa.2016.07.036.CrossRef

111.

Vapnik, V. N. (1995). The nature of statistical learning theory. New York: Springer.CrossRef

112.

Catania, C. A., Bromberg, F., & Garino, C. G. (2012). An autonomous labeling approach to support vector machines algorithms for network traffic anomaly detection. Expert Systems with Applications, 39, 1822–1829. https://doi.org/10.1016/j.eswa.2011.08.068.CrossRef

113.

Amer, M., Goldstein, M., & Abdennadher, S. (2013). Enhancing one-class support vector machines for unsupervised anomaly detection. In Proceedings of the ACM SIGKDD workshop on outlier detection and description (pp. 8–15). https://doi.org/10.1145/2500853.2500857.

114.

Erfani, S. M., Rajasegarar, S., Karunasekera, S., & Leckie, C. (2016). High-dimensional and large-scale anomaly detection using a linear one-class SVM with deep learning. Pattern Recognition, 58, 121–134. https://doi.org/10.1016/j.patcog.2016.03.028.CrossRef

115.

Wang, H., Gu, J., & Wang, S. (2017). An effective intrusion detection framework based on SVM with feature augmentation. Knowledge-Based Systems, 136, 130–139. https://doi.org/10.1016/j.knosys.2017.09.014.CrossRef

116.

Kabir, E., Hu, J., Wang, H., & Zhuo, G. (2017). A novel statistical technique for intrusion detection systems. Future Generation Computer Systems. https://doi.org/10.1016/j.future.2017.01.029.

117.

Subba, B., Biswas, S., & Karmakar, S. (2016). A neural network based system for intrusion detection and attack classification. In 2016 Twenty second national conference on communication (pp. 1–6). IEEE. https://doi.org/10.1109/NCC.2016.7561088.

118.

Saeed, A., Ahmadinia, A., Javed, A., & Larijani, H. (2016). Intelligent intrusion detection in low-power IoTs. ACM Transactions on Internet Technology, 16, 1–25. https://doi.org/10.1145/2990499.CrossRef

119.

Brown, J., Anwar, M., & Dozier, G. (2016). An evolutionary general regression neural network classifier for intrusion detection. In 2016 25th International conference on computer communication and networks (ICCCN) (pp. 1–5). IEEE. https://doi.org/10.1109/ICCCN.2016.7568493.

120.

Ashfaq, R. A. R., Wang, X.-Z., Huang, J. Z., Abbas, H., & He, Y.-L. (2017). Fuzziness based semi-supervised learning approach for intrusion detection system. Information Sciences, 378, 484–497. https://doi.org/10.1016/j.ins.2016.04.019.CrossRef

121.

Peddabachigari, S., Abraham, A., Grosan, C., & Thomas, J. (2007). Modeling intrusion detection system using hybrid intelligent systems. Journal of Network and Computer Applications, 30, 114–132. https://doi.org/10.1016/j.jnca.2005.06.003.CrossRef

122.

Aburomman, A. A., & Bin Ibne Reaz, M. (2016). A novel SVM-kNN-PSO ensemble method for intrusion detection system. Applied Soft Computing, 38, 360–372. https://doi.org/10.1016/j.asoc.2015.10.011.CrossRef

123.

Sornsuwit, P., & Jaiyen, S. (2015). Intrusion detection model based on ensemble learning for U2R and R2L attacks. In 2015 7th international conference on information technology and electrical engineering (ICITEE) (pp. 354–359). IEEE. https://doi.org/10.1109/ICITEED.2015.7408971.

124.

Bukhtoyarov, V., & Zhukov, V. (2014). Ensemble-distributed approach in classification problem solution for intrusion detection systems. In E. Corchado, J. A. Lozano, H. Quintián, & H. Yin (Eds.), 2014 15th International conference on intelligent data engineering automated learning—IDEAL, Salamanca, Spain, September 10–12, 2014. Proceedings (pp. 255–265). Cham: Springer. https://doi.org/10.1007/978-3-319-10840-7_32.

125.

Shannon, C. E. (1948). A mathematical theory of communication. Bell System Technical Journal, 27, 379–423. https://doi.org/10.1002/j.1538-7305.1948.tb01338.x.CrossRef

126.

Cover, T. M., & Thomas, J. A. (2006). Elements of information theory (2nd ed.). New York: Wiley.

127.

Lee, W., & Xiang, D. (2001). Information-theoretic measures for anomaly detection. In Proceedings of 2001 IEEE symposium on security and privacy, S&P 2001 (pp. 130–143). IEEE Comput. Soc, n.d. https://doi.org/10.1109/SECPRI.2001.924294.

128.

David, J., & Thomas, C. (2015). DDoS attack detection using fast entropy approach on flow- based network traffic. Procedia Computer Science, 50, 30–36. https://doi.org/10.1016/j.procs.2015.04.007.CrossRef

129.

Amaral, A. A., Mendes, L. S., Zarpelão, B. B., & Junior, M. L. P. (2017). Deep IP flow inspection to detect beyond network anomalies. Computer Communications, 98, 80–96. https://doi.org/10.1016/j.comcom.2016.12.007.CrossRef

130.

Bhuyan, M. H., Bhattacharyya, D. K., & Kalita, J. K. (2016). A multi-step outlier-based anomaly detection approach to network-wide traffic. Information Sciences, 348, 243–271. https://doi.org/10.1016/j.ins.2016.02.023.CrossRef

131.

Bereziński, P., Jasiul, B., & Szpyrka, M. (2015). An entropy-based network anomaly detection method. Entropy, 17, 2367–2408. https://doi.org/10.3390/e17042367.CrossRef

132.

Behal, S., & Kumar, K. (2017). Detection of DDoS attacks and flash events using novel information theory metrics. Computer Networks, 116, 96–110. https://doi.org/10.1016/j.comnet.2017.02.015.CrossRef

133.

Xie, M., Hu, J., Guo, S., & Zomaya, A. Y. (2017). Distributed segment-based anomaly detection with Kullback–Leibler divergence in wireless sensor networks. IEEE Transactions on Information Forensics and Security, 12, 101–110. https://doi.org/10.1109/TIFS.2016.2603961.CrossRef

134.

Li, G., & Wang, Y. (2012). Differential Kullback–Leibler divergence based anomaly detection scheme in sensor networks. In 2012 IEEE 12th international conference on computer and information technology (pp. 966–970). IEEE. https://doi.org/10.1109/CIT.2012.197.

135.

Kar, A. K. (2016). Bio inspired computing: A review of algorithms and scope of applications. Expert Systems with Applications, 59, 20–32. https://doi.org/10.1016/j.eswa.2016.04.018.CrossRef

136.

Firdaus, A., Anuar, N. B., Razak, M. F. A., & Sangaiah, A. K. (2017). Bio-inspired computational paradigm for feature investigation and malware detection: Interactive analytics. Multimedia Tools and Applications. https://doi.org/10.1007/s11042-017-4586-0.

137.

Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18, 1153–1176. https://doi.org/10.1109/COMST.2015.2494502.CrossRef

138.

Sen, S. (2015). A survey of intrusion detection systems using evolutionary computation. In Bio-inspired computation in telecommunications (pp. 73–94). Elsevier. https://doi.org/10.1016/B978-0-12-801538-4.00004-5.

139.

de Castro, L. N., & Timmis, J. (2002). Artificial immune systems: A new computational intelligence approach. London: Springer.

140.

Saurabh, P., & Verma, B. (2016). An efficient proactive artificial immune system based anomaly detection and prevention system. Expert Systems with Applications, 60, 311–320. https://doi.org/10.1016/j.eswa.2016.03.042.CrossRef

141.

Igbe, O., Darwish, I., & Saadawi, T. (2016). Distributed network intrusion detection systems: An artificial immune system approach. In 2016 IEEE First international conference on connected health: applications, systems and engineering technologies (pp. 101–106). IEEE. https://doi.org/10.1109/CHASE.2016.36.

142.

Shamshirband, S., Anuar, N. B., Kiah, M. L. M., Rohani, V. A., Petković, D., Misra, S., et al. (2014). Co-FAIS: Cooperative fuzzy artificial immune system for detecting intrusion in wireless sensor networks. Journal of Network and Computer Applications, 42, 102–117. https://doi.org/10.1016/j.jnca.2014.03.012.CrossRef

143.

Aslahi-Shahri, B. M., Rahmani, R., Chizari, M., Maralani, A., Eslami, M., Golkar, M. J., et al. (2016). A hybrid method consisting of GA and SVM for intrusion detection system. Neural Computing and Applications, 27, 1669–1676. https://doi.org/10.1007/s00521-015-1964-2.CrossRef

144.

Singh, S., & Kushwah, R. S. (2016). Energy efficient approach for intrusion detection system for WSN by applying optimal clustering and genetic algorithm. In Proceedings of the international conference on advances in information communication technology & computing—AICTC ’16 (pp. 1–6). New York, NY: ACM Press. https://doi.org/10.1145/2979779.2979840.

145.

Hamamoto, A. H., Carvalho, L. F., Sampaio, L. D. H., Abrão, T., & Proença, M. L. (2018). Network anomaly detection system using genetic algorithm and fuzzy logic. Expert Systems with Applications, 92, 390–402. https://doi.org/10.1016/j.eswa.2017.09.013.CrossRef

146.

Elsayed, S., Sarker, R., & Slay, J. (2015). Evaluating the performance of a differential evolution algorithm in anomaly detection. In 2015 IEEE congress on evolutionary computation (pp. 2490–2497). IEEE. https://doi.org/10.1109/CEC.2015.7257194.

147.

Huang, C.-L., & Dun, J.-F. (2008). A distributed PSO-SVM hybrid system with feature selection and parameter optimization. Applied Soft Computing, 8, 1381–1391. https://doi.org/10.1016/j.asoc.2007.10.007.CrossRef

148.

Lin, S.-W., Ying, K.-C., Chen, S.-C., & Lee, Z.-J. (2008). Particle swarm optimization for parameter determination and feature selection of support vector machines. Expert Systems with Applications, 35, 1817–1824. https://doi.org/10.1016/j.eswa.2007.08.088.CrossRef

149.

Hosseini Bamakan, S. M., Wang, H., Yingjie, T., & Shi, Y. (2016). An effective intrusion detection framework based on MCLP/SVM optimized by time-varying chaos particle swarm optimization. Neurocomputing, 199, 90–102. https://doi.org/10.1016/j.neucom.2016.03.031.CrossRef

150.

de Assis, M. V. O., Hamamoto, A. H., Abrao, T., & Proenca, M. L. (2017). A game theoretical based system using holt-winters and genetic algorithm with fuzzy logic for DoS/DDoS mitigation on SDN networks. IEEE Access. https://doi.org/10.1109/ACCESS.2017.2702341.

151.

Grill, M., & Pevný, T. (2016). Learning combination of anomaly detectors for security domain. Computer Networks, 107, 55–63. https://doi.org/10.1016/j.comnet.2016.05.021.CrossRef

152.

Al-Yaseen, W. L., Othman, Z. A., & Nazri, M. Z. A. (2017). Multi-level hybrid support vector machine and extreme learning machine based on modified K-means for intrusion detection system. Expert Systems with Applications, 67, 296–303. https://doi.org/10.1016/j.eswa.2016.09.041.CrossRef

153.

Forestiero, A. (2016). Self-organizing anomaly detection in data streams. Information Sciences, 373, 321–336. https://doi.org/10.1016/j.ins.2016.09.007.CrossRef

154.

Salem, O., Guerassimov, A., Mehaoua, A., Marcus, A., & Furht, B. (2014). Anomaly detection in medical wireless sensor networks using SVM and linear regression models. International Journal of E-Health and Medical Communications, 5, 20–45. https://doi.org/10.4018/ijehmc.2014010102.

155.

Wang, W., Liu, J., Pitsilis, G., & Zhang, X. (2016). Abstracting massive data for lightweight intrusion detection in computer networks. Information Sciences. https://doi.org/10.1016/j.ins.2016.10.023.

156.

Adaniya, M. H. A. C., Abrão, T., & Proença, M. L, Jr. (2013). Anomaly detection using metaheuristic firefly harmonic clustering. Journal of Networks, 8, 82–91. https://doi.org/10.4304/jnw.8.1.82-91.CrossRef

157.

Proenca, M. L., Zarpelao, B. B., & Mendes, L. S. (2005). Anomaly detection for network servers using digital signature of network segment. In Advanced industrial conference on telecommunications/service assurance with partial and intermittent resources conference/e-learning on telecommunications workshop (pp. 290–295). IEEE. https://doi.org/10.1109/AICT.2005.26.

158.

Chen, M.-H., Chang, P.-C., & Wu, J.-L. (2016). A population-based incremental learning approach with artificial immune system for network intrusion detection. Engineering Applications of Artificial Intelligence, 51, 171–181. https://doi.org/10.1016/j.engappai.2016.01.020.CrossRef

159.

Grill, M., Pevný, T., & Rehak, M. (2017). Reducing false positives of network anomaly detection by local adaptive multivariate smoothing. Journal of Computer and System Sciences, 83, 43–57. https://doi.org/10.1016/j.jcss.2016.03.007.CrossRef

160.

Guo, C., Ping, Y., Liu, N., & Luo, S.-S. (2016). A two-level hybrid approach for intrusion detection. Neurocomputing, 214, 391–400. https://doi.org/10.1016/j.neucom.2016.06.021.CrossRef

Titel: A comprehensive survey on network anomaly detection
verfasst von: Gilberto Fernandes Jr.
Joel J. P. C. Rodrigues
Luiz Fernando Carvalho
Jalal F. Al-Muhtadi
Mario Lemes Proença Jr.
Publikationsdatum: 02.07.2018
Verlag: Springer US
Erschienen in: Telecommunication Systems / Ausgabe 3/2019
Print ISSN: 1018-4864
Elektronische ISSN: 1572-9451
DOI: https://doi.org/10.1007/s11235-018-0475-8

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Jonas Klose/© Pine Valley Capital GmbH, Carina Kießling von der Strategieberatung Roland Berger/© Monika Walther Fotografie | ATZ, Beijing Auto Show 2024: Deutsche Hersteller wollen angreifen./© EKH-Pictures / Generated with AI / Stock.adobe.com, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3/2019

Round robin, distributed and centralized relay selection for cognitive radio networks in the presence of Nakagami fading channels

End-user traffic policing for QoS assurance in polyservice RINA networks

Allais’ paradox and resource allocation in telecommunication networks

Certificateless deniably authenticated encryption and its application to e-voting system

Speedy leader election to avoid application discontinuity in cognitive radio networks

Modeling and improving the throughput of vehicular networks using cache enabled RSUs

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.