This paper presents a high performance vision-based system with a single static camera for traffic surveillance, for moving vehicle detection with occlusion handling, tracking, counting, and One Class Support Vector Machine (OC-SVM) classification. In this approach, moving objects are first segmented from the background using the adaptive Gaussian Mixture Model (GMM). After that, several geometric features are extracted, such as vehicle area, height, width, centroid, and bounding box. As occlusion is present, an algorithm was implemented to reduce it. The tracking is performed with an adaptive Kalman filter. Finally, the selected geometric features: estimated area, height, and width are used by different classifiers in order to sort vehicles into three classes: small, midsize, and large. Extensive experimental results in eight real traffic videos with more than 4000 ground truth vehicles have shown that the improved system can run in real time under an occlusion index of 0.312 and classify vehicles with a global detection rate or recall, precision, and F-measure of up to 98.190%, and an F-measure of up to 99.051% for midsize vehicles.
Network anomaly detection and classification is an important open issue in network security. Several approaches and systems based on different mathematical tools have been studied and developed, among them, the Anomaly-Network Intrusion Detection System (A-NIDS), which monitors network traffic and compares it against an established baseline of a "normal" traffic profile. Then, it is necessary to characterize the "normal" Internet traffic. This paper presents an approach for anomaly detection and classification based on Shannon, Rényi and Tsallis entropies of selected features, and the construction of regions from entropy data employing the Mahalanobis distance (MD), and One Class Support Vector Machine (OC-SVM) with different kernels (Radial Basis Function (RBF) and Mahalanobis Kernel (MK)) for "normal" and abnormal traffic. Regular and non-regular regions built from "normal" traffic profiles allow anomaly detection, while the classification is performed under the assumption that regions corresponding to the attack classes have been previously characterized. Although this approach allows the use of as many features as required, only four well-known significant features were selected in our case. In order to evaluate our approach, two different data sets were used: one set of real traffic obtained from an Academic Local Area Network (LAN), and the other a subset of the 1998 MIT-DARPA set. For these data sets, a True positive rate up to 99.35%, a True negative rate up to 99.83% and a False negative rate at about 0.16% were yielded. Experimental results show that certain q-values of the generalized entropies and the use of OC-SVM with RBF kernel improve the detection rate in the detection stage, while the novel inclusion of MK kernel in OC-SVM and k-temporal nearest neighbors improve accuracy in classification. In addition, the results show that using the Box-Cox transformation, the Mahalanobis distance yielded high detection rates with an efficient computation time, while OC-SVM achieved detection rates slightly higher, but is more computationally expensive.
This paper presents an algorithm based on entropy and Mahalanobis distance to characterize the behavior of worm attacks. For this, a matrix is built with entropy estimates of different intrinsic features of the network traffic; from this matrix, four parameters {µ, , , d 2 } are obtained. These values determine an ellipsoidal region that characterizes the behavior of the worm within the space defined by the traffic features. Tests were conducted with two types of traces: one obtained from LAN network traffic containing real Blaster, Sasser and Welchia attacks, and the other a Smurf attack obtained from the MIT-DARPA dataset. The slots that fell outside the previously defined ellipsoidal regions were classified using K nearest neighbors in time.
Different systems, e.g., the anomaly-based network intrusion detection system (A-NIDS), have been continuously developed in order to ensure integrity, availability, and confidentiality of networks. In this paper, we present a structured and comprehensive overview of the research into entropy-based A-NIDS with the intention of providing researchers a quick introduction to essential aspects of this topic. The main components of the general architecture of A-NIDS based on Entropy are discussed. The achieved high detection rates prove the effective use of entropy. Finally, some open issues in entropy-based network traffic anomaly detection are also highlighted.