Published in: Annals of Data Science 1/2015

01.03.2015

Novel Approach for Network Traffic Pattern Analysis using Clustering-based Collective Anomaly Detection

Authors: Mohiuddin Ahmed, Abdun Naser Mahmood


Abstract

There is increasing interest in the data mining and network management communities in improving existing techniques for the prompt analysis of underlying traffic patterns. Anomaly detection is one such technique for detecting abnormalities in many different domains, such as computer network intrusion, gene expression analysis, financial fraud detection and many more. Clustering is a useful unsupervised method both for identifying underlying patterns in data and for anomaly detection. However, existing clustering-based techniques have high false alarm rates and consider only individual data instances for anomaly detection. Interestingly, there are traffic flows which seem legitimate but are targeted at disrupting a normal computing environment, such as the Denial of Service (DoS) attack. The presence of such anomalous data instances explains the poor performance of existing clustering-based anomaly detection techniques. In this paper, we formulate the problem of detecting DoS attacks as a collective anomaly, a pattern in which a group of similar data instances behaves anomalously with respect to the entire dataset. We propose a framework for collective anomaly detection using a partitional clustering technique to detect anomalies based on an empirical analysis of an attack's characteristics. We validate our approach by comparing its results with those from existing techniques using benchmark datasets.
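The abstract's core idea, that a flood is a collective anomaly rather than a set of individually odd flows, is easiest to see with a small, runnable illustration. The following Python is an added example written for this page; it is not the authors' code and does not use their datasets or their exact clustering or scoring rules. It assumes each flow is summarized by three hypothetical features (packets per second, mean payload bytes, distinct destination ports), clusters the scaled features with a plain k-means, and then applies a hypothetical rule that reports a cluster as a collective anomaly when it is both large and tightly packed, which is the shape a block of near-identical flood flows takes while each flow on its own looks unremarkable. The sample flows are constructed inline.

```python
from math import sqrt

# Constructed sample data (not from the paper's datasets): each flow is
# (packets per second, mean payload bytes, distinct destination ports).
NORMAL_FLOWS = [
    (12.0, 540.0, 3), (8.0, 610.0, 2), (15.0, 480.0, 4), (10.0, 700.0, 1),
    (9.0, 650.0, 2), (14.0, 520.0, 3), (11.0, 590.0, 1), (13.0, 470.0, 4),
    (10.0, 630.0, 2), (12.0, 560.0, 3), (9.0, 690.0, 1), (15.0, 500.0, 2),
]
# Twenty near-identical high-rate, small-payload flows to a single port:
# unremarkable one at a time, anomalous as a block (constructed flood).
FLOOD_FLOWS = [(900.0 + 0.5 * i, 40.0, 1) for i in range(20)]
FLOWS = NORMAL_FLOWS + FLOOD_FLOWS


def scale(rows):
    """Min-max scale each feature to [0, 1] so no single unit dominates distance."""
    dims = len(rows[0])
    lo = [min(r[d] for r in rows) for d in range(dims)]
    hi = [max(r[d] for r in rows) for d in range(dims)]
    return [tuple((r[d] - lo[d]) / ((hi[d] - lo[d]) or 1.0) for d in range(dims))
            for r in rows]


def dist(a, b):
    """Euclidean distance between two feature tuples."""
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, iters=50):
    """Plain k-means with deterministic seeding: first point, then the point
    farthest from the centroids chosen so far. Returns (labels, centroids)."""
    dims = len(points[0])
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    labels = [0] * len(points)
    for _ in range(iters):
        labels = [min(range(k), key=lambda j: dist(p, centroids[j])) for p in points]
        new = []
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:
                new.append(tuple(sum(p[d] for p in members) / len(members) for d in range(dims)))
            else:
                new.append(centroids[j])
        if new == centroids:
            break
        centroids = new
    return labels, centroids


def cluster_profiles(points, labels, centroids):
    """Per-cluster size and spread (mean member distance to the centroid)."""
    profiles = []
    for j, c in enumerate(centroids):
        members = [p for p, lab in zip(points, labels) if lab == j]
        spread = sum(dist(p, c) for p in members) / len(members) if members else 0.0
        profiles.append({"cluster": j, "size": len(members), "spread": spread})
    return profiles


def collective_anomalies(flows, k=2, min_size=10, max_spread=0.05):
    """Hypothetical collective-anomaly rule for this example: flag every cluster
    that is at least min_size flows AND whose spread is at most max_spread.
    A lone flow in such a cluster would pass a per-instance check; the group
    of near-identical flows is what gets reported. Returns (labels, flagged)."""
    points = scale(flows)
    labels, centroids = kmeans(points, k)
    flagged = [p for p in cluster_profiles(points, labels, centroids)
               if p["size"] >= min_size and p["spread"] <= max_spread]
    return labels, flagged


if __name__ == "__main__":
    labels, flagged = collective_anomalies(FLOWS)
    for f in flagged:
        idx = [i for i, lab in enumerate(labels) if lab == f["cluster"]]
        print(f"cluster {f['cluster']}: {f['size']} flows, spread {f['spread']:.4f}, "
              f"first member indices {idx[:5]}")
```

With the constructed input the twelve ordinary flows land in one loose cluster and the twenty flood flows in one tight cluster, and only the tight cluster is reported. The size and spread thresholds are the tunable part: on real traffic they are set from the empirical shape of known attack clusters, and a per-instance distance-to-centroid rule would miss exactly this case, which is the abstract's point.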

Metadata
Title
Novel Approach for Network Traffic Pattern Analysis using Clustering-based Collective Anomaly Detection
Authors
Mohiuddin Ahmed
Abdun Naser Mahmood
Publication date
01.03.2015
Publisher
Springer Berlin Heidelberg
Published in
Annals of Data Science / Issue 1/2015
Print ISSN: 2198-5804
Electronic ISSN: 2198-5812
DOI
https://doi.org/10.1007/s40745-015-0035-y
