ABSTRACT
Traffic monitoring is an arduous task and requires mechanisms to proactively detect anomalous events that may harm the proper functioning of computer networks. Since the emergence of network management, several approaches have been developed to address this issue. In this paper, we examine and compare three methods used for anomaly detection: the statistical procedure Principal Component Analysis, the Ant Colony Optimization metaheuristic and the AutoRegressive Integrated Moving Average forecasting method. Experimental results on traffic collected at the backbone of a University network demonstrate high confidence in detection accuracy.
Index Terms
- Statistical, forecasting and metaheuristic techniques for network anomaly detection