Anomaly detection is the first step in the challenging task of securing a communication network, since anomalies may indicate suspicious behavior, attacks, network malfunctions, or failures. In this paper, we address the problem not only of detecting different anomalies, such as volume-based (e.g., DDoS or flash crowd) and spatial-based (e.g., network scan) anomalies, that arise simultaneously in the wild, but also of attributing each anomalous point to the single-anomaly event causing it. We also tackle the problem of low detection accuracy caused by the phenomenon of traffic drift. To this end, a novel adaptive profile-based anomaly detection scheme is proposed. More specifically, a more comprehensive metric set is defined along the temporal, spatial, category, and intensity dimensions to compose an IP traffic behavior characteristic spectrum for fine-grained traffic characterization. Then, a digital signature matrix obtained with the ant colony optimization (ACO) algorithm is used to construct the baseline profile of normal traffic behavior. Anomalous points are identified using confidence bands and analyzed using a generic clustering technique. Finally, a lightweight updating strategy is applied to reduce the number of false positives. Real-world data from the China Education Research Network backbone and synthetic data are collected to verify our proposal. The experimental results demonstrate that our approach provides fine-grained behavior description ability and significantly increases detection accuracy compared with similar alternatives.
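As an added illustration, not code from the paper (whose ACO-derived signature matrix is not reproduced here), the following Python sketches the confidence-band detection, single-event attribution and lightweight baseline update described above on a constructed two-metric history: a per-metric mean/variance baseline stands in for the signature matrix, the volume metric (packets) and the spatial metric (distinct destinations) are assumed, and an EWMA update absorbs slow traffic drift so that a gradual volume increase is not reported as a volume anomaly.

```python
from statistics import mean, pvariance

# Constructed baseline: eight normal intervals of two per-interval metrics,
# one volume (packets) and one spatial (distinct destination IPs). Not real data.
HISTORY = {
    "packets":    [1000, 1050, 980, 1020, 1010, 990, 1030, 1000],
    "unique_dst": [50, 55, 48, 52, 51, 49, 53, 50],
}

def build_profile(history):
    """Baseline profile: per-metric (mean, variance) of the normal history."""
    return {m: (mean(v), pvariance(v)) for m, v in history.items()}

def out_of_band(value, mu, var, k=3.0):
    """Confidence band: flag if the value leaves mean +/- k standard deviations."""
    return abs(value - mu) > k * var ** 0.5

def classify(point, profile, k=3.0):
    """Attribute an interval to one anomaly class from which metrics leave their band."""
    flagged = {m: out_of_band(point[m], *profile[m], k) for m in profile}
    if flagged["packets"] and flagged["unique_dst"]:
        return "mixed"    # both dimensions anomalous: volume and spread at once
    if flagged["packets"]:
        return "volume"   # e.g. DDoS or flash crowd: volume jumps, spread stays normal
    if flagged["unique_dst"]:
        return "spatial"  # e.g. network scan: many destinations, volume stays normal
    return "normal"

def update_profile(profile, point, alpha=0.1):
    """Lightweight EWMA update of mean and variance; call only with normal points."""
    new = {}
    for m, (mu, var) in profile.items():
        d = point[m] - mu
        new[m] = (mu + alpha * d, (1 - alpha) * var + alpha * d * d)
    return new

def run(points, profile, adapt):
    """Classify a stream of intervals; if adapt, absorb each normal interval into the baseline."""
    verdicts = []
    for p in points:
        v = classify(p, profile)
        verdicts.append(v)
        if adapt and v == "normal":   # never learn from flagged intervals
            profile = update_profile(profile, p)
    return verdicts

# Constructed slow upward drift in volume with normal spatial spread.
DRIFT = [{"packets": x, "unique_dst": 51} for x in (1040, 1060, 1080, 1100)]
```

Running `run(DRIFT, build_profile(HISTORY), adapt=False)` flags the last two intervals as volume anomalies, while `adapt=True` absorbs the drift and reports all four as normal.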