Network anomaly detection: A survey and comparative analysis of stochastic and deterministic methods

Wang, Jing; Rossell, Daniel; Cassandras, Christos G.; Paschalidis, Ioannis Ch.

doi:10.1109/cdc.2013.6759879

Cited by 10 publications

(2 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Packet-based attack identification methods use packet header information, such as IP address and header size, to infer the degree of anomaly. Wang et al [5] used packet header information and correlation between the target IP address and port of edge routers for identification. LUCID [6] represented the packet header data sequence as an image and used CNN for feature learning.…”

Section: Packet-based Attack Identification Methodsmentioning

confidence: 99%

“…To address the above problems, research in attack identification has evolved significantly over time, as shown in Figure 1. Early works [5,6] used plaintext information extracted from packet headers to make inferences about the degree of anomalies, such as IP address and packet header size, as shown in Figure 1a. However, these methods only rely on header information with a short length and single feature dimension, needing more analytical study of correlation features among packets from a holistic perspective, and the available plaintext information becomes more ambiguous.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Accurate Encrypted Malicious Traffic Identification via Traffic Interaction Pattern Using Graph Convolutional Network

Ren

Cheng

2023

Applied Sciences

View full text Add to dashboard Cite

Telecommuting and telelearning have gradually become mainstream lifestyles in the post-epidemic era. The extensive interconnection of massive terminals gives attackers more opportunities, which brings more significant challenges to network traffic security analysis. The existing attacks, often using encryption technology and distributed attack methods, increase the number and complexity of attacks. However, the traditional methods need more analysis of encrypted malicious traffic interaction patterns and cannot explore the potential correlations of interaction patterns in a macroscopic and comprehensive manner. Anyway, the changes in interaction patterns caused by attacks also need further study. Therefore, to achieve accurate and effective identification of attacks, it is essential to comprehensively describe the interaction patterns of malicious traffic and portray the relations of interaction patterns with the appearance of attacks. We propose a method for classifying attacks based on the traffic interaction attribute graph, named G-TIAG. At first, the G-TIAG studies interaction patterns of traffic describes the construction rule of the graphs and selects the attributive features of nodes in each graph. Then, it uses a convolutional graph network with a GRU and self-attention to classify benign data and different attacks. Our approach achieved the best classification results, with 89% accuracy and F1-Score, 88% recall, respectively, on publicly available datasets. The improvement is about 7% compared to traditional machine learning classification results and about 6% compared to deep learning classification results, which finally successfully achieved the classification of attacks.

show abstract

Section: Packet-based Attack Identification Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%