Machine Learning for Detecting Anomalies and Intrusions in Communication Networks

Li, Zhida; Rios, Ana Laura Gonzalez; Trajković, Ljiljana

doi:10.1109/jsac.2021.3078497

Cited by 35 publications

(12 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2017, Schlamp et al [8] have implemented HEAP in BGL to analyse hijacking alarms. The Internet routing registry was used to determine the commercial or corporate relationships between the event's participants.…”

Section: A Related Workmentioning

confidence: 99%

“…From the "lowest to the largest value," it shows how uniformly the data elements are distributed through time [8]. D % of data values were under D percentile, while 100-D % are upon th J percentile.…”

Section: Percentilementioning

confidence: 99%

“…Malicious attacks are common against BGP [8]. BGP raw data is typically used as the input for BGP anomaly detection methods [9].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Parametric and Non-parametric Analysis on RHMFO based Optimal Detection of BorderGateway Protocol Anomalies

Mala

Chairperson

2022

Preprint

View full text Add to dashboard Cite

For secure and effective Internet access, the Border Gateway Protocol (BGP) must be able to recognize and stop strange coincidences in real time. Regardless, over the past ten years, more study has focused on spotting BGP abnormalities; because of the rise of new bizarre behaviour from both hackers and network configuration errors, it continues to be more challenging. This work goes with the parametric and non parametric analysis of RHMFO based Optimal Detection of BGP Anomalieswith two major steps (i) Feature Extraction (ii) Anomaly Detection". Initially, extensive features such "statistical features, higher order statistical features, and correntropy features" are extracted during the feature extraction stage. For the detection process, an optimized DBN is proposed to define the presence of attack. Here, a hybrid optimization model known as RHMFO is introduced to fine-tune the weight of DBN in order to enhance the detection accuracy. The traditional Rider Optimization Method (ROA) and the MFO algorithm are conceptually combined to create the suggested RHMFO paradigm. Finally, in this paper, parametric and non-parametric analysis is performed. By varying the parameters of RHMFO, the performance of the suggested work is evaluated.

show abstract

Section: A Related Workmentioning

confidence: 99%

Section: Percentilementioning

confidence: 99%

See 1 more Smart Citation

Parametric and Non-parametric Analysis on RHMFO based Optimal Detection of BorderGateway Protocol Anomalies

Mala

Chairperson

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Methods for detecting attacks in networks include three ways: "signature-based detection", That matches the signature of the known attack with the current traffic, "anomaly-based detection", Depends on visualizing a normal or legitimate profile obtained under normal network conditions without attacks, and comparing the network's actions with it for identify anomalies and "specification-based detection", This type depends on matching the predetermined and memorized specification with the criteria or specification to detect a certain programmer's operation and notify any violation of such criteria [8]- [10].…”

Section: Introductionmentioning

confidence: 99%

Performance analysis of intrusion detection for deep learning model based on CSE‑CIC‑IDS2018 dataset

Farhan

Jasim

2022

IJEECS

View full text Add to dashboard Cite

<span>The evolution of the internet of things as a promising and modern technology has facilitated daily life. Its emergence was accompanied by challenges represented by its frequent exposure to attacks and its being a target for intruders who exploit the gaps in this technology in terms of the nature of its heterogeneous data and its large quantity. This made the study of cyber security an urgent necessity to monitor infrastructures It has network flaw detection and intrusion detection that helps protect the network by detecting attacks early and preventing them. As a result of advances in machine learning techniques, especially deep learning and its ability to self-learning and feature extraction with high accuracy, the research exploits deep learning to analyze the real data set of CSE-CIC-IDS2018 network traffic, which includes normal behavior and attacks, and evaluate our deep model long short-term memory (LSTM), That achieves accuracy of detection up to 99%.</span>

show abstract

“…Existing researches [6], [7], [8] have shown that the abnormal behaviors of VMs usually come with a significant change in resource metrics, so it is a good way to implement anomaly detection for VMs by collecting and analyzing its multi-dimensional resource metrics data. Although there have been many interesting researches for anomaly detection, including statistical and probability methods [9], [10], distance-based methods [11], [12], domain-based methods [13], [14], reconstruction-based methods [15], [16], [17], and information theory based methods [18], as classified in [19], detecting anomalies of VMs in virtualized network slicing environment still faces many challenges:…”

Section: Introductionmentioning

confidence: 99%

Federated Multi-Discriminator BiWGAN-GP Based Collaborative Anomaly Detection for Virtualized Network Slicing

Wang

Liang

Lun

et al. 2022

IEEE Trans. on Mobile Comput.

View full text Add to dashboard Cite

Virtualized network slicing allows a multitude of logical networks to be created on a common substrate infrastructure to support diverse services. A virtualized network slice is a logical combination of multiple virtual network functions, which run on virtual machines (VMs) as software applications by virtualization techniques. As the performance of network slices hinges on the normal running of VMs, detecting and analyzing anomalies in VMs are critical. Based on the three-tier management framework of virtualized network slicing, we first develop a federated learning (FL) based three-tier distributed VM anomaly detection framework, which enables distributed network slice managers to collaboratively train a global VM anomaly detection model while keeping metrics data locally. The high-dimensional, imbalanced, and distributed data features in virtualized network slicing scenarios invalidate the existing anomaly detection models. Considering the powerful ability of generative adversarial network (GAN) in capturing the distribution from complex data, we design a new multi-discriminator Bidirectional Wasserstein GAN with Gradient Penalty (BiWGAN-GP) model to learn the normal data distribution from high-dimensional resource metrics datasets that are spread on multiple VM monitors. The multi-discriminator BiWGAN-GP model can be trained over distributed data sources, which avoids high communication and computation overhead caused by the centralized collection and processing of local data. We define an anomaly score as the discriminant criterion to quantify the deviation of new metrics data from the learned normal distribution to detect abnormal behaviors arising in VMs. The efficiency and effectiveness of the proposed collaborative anomaly detection algorithm are validated through extensive experimental evaluation on a real-world dataset.

show abstract

Machine Learning for Detecting Anomalies and Intrusions in Communication Networks

Cited by 35 publications

References 51 publications

Parametric and Non-parametric Analysis on RHMFO based Optimal Detection of BorderGateway Protocol Anomalies

Parametric and Non-parametric Analysis on RHMFO based Optimal Detection of BorderGateway Protocol Anomalies

Performance analysis of intrusion detection for deep learning model based on CSE‑CIC‑IDS2018 dataset

Federated Multi-Discriminator BiWGAN-GP Based Collaborative Anomaly Detection for Virtualized Network Slicing

Contact Info

Product

Resources

About