nach oben

Soft Computing

Erschienen in:

15.06.2017 | Focus

Network anomaly detection based on probabilistic analysis

verfasst von: JinSoo Park, Dong Hag Choi, You-Boo Jeon, Yunyoung Nam, Min Hong, Doo-Soon Park

Erschienen in: Soft Computing | Ausgabe 20/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In this paper, we propose a method to detect network intrusions using anomaly detection technique based on probabilistic analysis. Victim’s computers under attack show various symptoms such as degradation of TCP throughput, increase in CPU usage, increased round trip time, frequent disconnection to the Web sites, etc. These symptoms can be used as components to construct the k-dimensional feature space of multivariate normal distribution, in which case an anomaly detection method can be applied for the detection of the attack on the distribution. These features are generally highly correlated. Thus we choose only a few of these features for the anomaly detection in multivariate normal distribution. We use Mahalanobis distance to detect the anomalies for each data, normal, and abnormal. Anomalies are identified when their square root of Mahalanobis distance exceeds certain threshold. A detailed description of the threshold setting and the various experiments are discussed in simulation results.

Vorheriger Artikel Advanced computer science and applications for soft computing of converged IT environments

Nächster Artikel A novel group decision-making model based on triangular neutrosophic numbers

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Bayarjargal D, Cho G (2014) Detecting an anomalous traffic attack area based on entropy distribution and mahalanobis distance. Int J Secur Appl 8:87–94

Bhat A, Patra S, Jena D (2013) Machine learning approach for intrusion detection on cloud virtual machines. Int J Appl Innov Eng Manag 2:56–66

Chen T, Zhang X, Jin S, Kim O (2014) Efficient classification using parallel and scalable compressed model and its application on intrusion detection. Expert Syst Appl 41:5972–5983CrossRef

Jingle IDJ, Rajsingh EB (2014) ColShield: an effective and collaborative protection shield for the detection and prevention of collaborative flooding of DDoS attacks in wireless mesh networks. Hum Centric Comput Inf Sci 8:1–19

Johnson RA, Wichern DW (eds) (2007) Applied multivariate statistical analysis, 2nd edn. Pearson Prentice Hall, Upper Saddle RiverMATH

Joo J, Lee J, Park J (2015) Security considerations for a connected car. J Converg 6:1–9

Keegan N, Ji S, Chaudhary A, Concolato C, Yu B, Jeong DH (2016) A survey of cloud-based network intrusion detection analysis. Hum Centric Comput Inf Sci 6:1–16CrossRef

Kolahi SS, Treseangrat K, Sassafpour B (2015) Analysis of UDP DDoS flood cyber attack and defense mechanisms on web server with Linux Ubuntu 13. In: 2015 international conference on communications, signal processing, and their applications (ICCSPA), vol 17–19

Lecture notes.http://www.ece.vt.edu/people/profile/mili

Lecture notes.https://www.coursera.org/learn/machine-learning

Lu K, Wu D, Fan J, Todorovic S, Nucci A (2007) Robust and efficient detection of DDoS attacks for large-scale internet. Comput Netw 51:5036–5056CrossRef

Scarfone K, Mell P (2007) Guide to intrusion detection and prevention systems (IDPS). NIST special publication 800–94, Gaithersburg, MD, USA

Shyu M-L, Chen S-C, Sarinnapakorn K, Chang L (2003) A novel anomaly detection scheme based on principal component classifier. In: Proceedings of the IEEE foundations and new directions of data mining workshop, Melbourne, FL, USA, pp 172–179

Singh R, Singh P, Duhan M (2014) An effective implementation of security based algorithmic approach in mobile adhoc networks. Hum Centric Comput Inf Sci 4:1–14CrossRef

Singh K, Guntuku SC, Thakur A, Hota C (2014) Big data analytics framework for peer-to-peer botnet detection using random forests. Inf Sci 278:488–497CrossRef

Staniford S, Hoagland JA, McAlerney JM (2002) Practical automated detection of stealthy portscans. J Comput Secur 10:105–136CrossRef

Stein G, Chen B, Wu A, Hua KA (2005) Decision tree classifier for network intrusion detection with GA-based feature selection. In: Proceedings of the 43rd annual Southeast regional conference, vol 2, pp 136–141

Tan L, Sherwood T (2005) A high throughput string matching architecture for intrusion detection and prevention. In: 32nd international symposium on computer architecture, pp 112–122

Tseng F-H, Chou L-D, Chao H-C (2011) A survey of black hole attacks in wireless mobile ad hoc networks. Hum Centric Comput Inf Sci 1:1–16CrossRef

Tuck N, Sherwood T, Calder B, Varghese G (2004) Deterministic memory-efficient string matching algorithms for intrusion detection. In: IEEE Infocom, pp 333–340

Valdes A, Skinner K (2000) Adaptive model-based monitoring for cyber attack detection. In: Recent advances in intrusion detection, Toulouse, France, pp 80–92

Warren R, Smith R, Cybenko A (2011) Use of Mahalanobis distance for detecting outliers and outlier clusters in markedly non-normal data: a vehicular traffic example. Interim Report (United States Air Force), pp. 9–11

Weon I, Song D, Ko S, Lee C (2005) A multiple instance learning problem approach model to anomaly network intrusion detection. Int J Inf Process Syst 1:14–21CrossRef

Ye N, Emran SM, Chen Q, Vilbert S (2002) Multivariate statistical analysis of audit trails for host-based intrusion detection. IEEE Trans Comput 51:810–820CrossRef

Yeung D-Y, Ding Y (2003) Host-based intrusion detection using dynamic and static behavioral models. Pattern Recognit 36:229–243CrossRef

Zhao W, Ma H, He Q (2009) Parallel k-means clustering based on mapreduce, (Cloud Computing 2009). Lect Notes Comput Sci 5931:674–679CrossRef

Titel: Network anomaly detection based on probabilistic analysis
verfasst von: JinSoo Park
Dong Hag Choi
You-Boo Jeon
Yunyoung Nam
Min Hong
Doo-Soon Park
Publikationsdatum: 15.06.2017
Verlag: Springer Berlin Heidelberg
Erschienen in: Soft Computing / Ausgabe 20/2018
Print ISSN: 1432-7643
Elektronische ISSN: 1433-7479
DOI: https://doi.org/10.1007/s00500-017-2679-3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 20/2018

MTD-Spamguard: a moving target defense-based spammer detection system in social network

A model for collecting and analyzing action data in a learning process based on activity theory

Motion quaternion-based motion estimation method of MYO using K-means algorithm and Bayesian probability

Incremental learning method for cyber intelligence, surveillance, and reconnaissance in closed military network using converged IT techniques

Defending against Packet-In messages flooding attack under SDN context

Advanced computer science and applications for soft computing of converged IT environments