Network anomaly detection with the restricted Boltzmann machine

Fiore, Ugo; Palmieri, Francesco; Castiglione, Aniello; Santis, Alfredo De

doi:10.1016/j.neucom.2012.11.050

Cited by 332 publications

(147 citation statements)

References 20 publications

Supporting

Mentioning

145

Contrasting

Unclassified

Order By: Relevance

“…Mostly, RBMs have been used as generative models of many types high-dimensional data including labeled or unlabeled images that represent speech, bags of words that represent documents, and user ratings of movies. Also, recently some NIDS researches has been dipping their toe into RBMs [11].…”

Section: Restricted Boltzmann Machinementioning

confidence: 99%

“…While an exact computation is intractable, the gradient can be estimated using a method called contrastive divergence (CD) [11]. CD learning is highly successful and is becoming the standard learning, only runs block Gibbs sampling for k (usually k = 1 [13]) steps to approximate the second term in the log-likelihood gradient from a sample from the RBM distribution [14].…”

Section: Restricted Boltzmann Machinementioning

confidence: 99%

“…Feature extraction starts from an initial set of measured raw network data and builds derived values (features) in a unified form that is intended to be informative and non-redundant, facilitating the subsequent training, decoding and classification. The usual way of feature extraction is picking or combining some of the protocol field values or network parameters as features (vectors) via human analysts [2]- [6], [11], [19]- [21]. We define the extracted feature of raw network data as Eq.…”

Section: Feature Extractionmentioning

confidence: 99%

See 2 more Smart Citations

A Novel RNN-GBRBM Based Feature Decoder for Anomaly Detection Technology in Industrial Control Network

Hua

Zhu

Ma³

et al. 2017

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYAs advances in networking technology help to connect industrial control networks with the Internet, the threat from spammers, attackers and criminal enterprises has also grown accordingly. However, traditional Network Intrusion Detection System makes significant use of pattern matching to identify malicious behaviors and have bad performance on detecting zero-day exploits in which a new attack is employed. In this paper, a novel method of anomaly detection in industrial control network is proposed based on RNN-GBRBM feature decoder. The method employ network packets and extract high-quality features from raw features which is selected manually. A modified RNN-RBM is trained using the normal traffic in order to learn feature patterns of the normal network behaviors. Then the test traffic is analyzed against the learned normal feature pattern by using osPCA to measure the extent to which the test traffic resembles the learned feature pattern. Moreover, we design a semi-supervised incremental updating algorithm in order to improve the performance of the model continuously. Experiments show that our method is more efficient in anomaly detection than other traditional approaches for industrial control network.

show abstract

Section: Restricted Boltzmann Machinementioning

confidence: 99%

Section: Restricted Boltzmann Machinementioning

confidence: 99%

Section: Feature Extractionmentioning

confidence: 99%

See 1 more Smart Citation

A Novel RNN-GBRBM Based Feature Decoder for Anomaly Detection Technology in Industrial Control Network

Hua

Zhu

Ma³

et al. 2017

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

“…That is, an oversize security header of a SOAP message can cause the same effects of an oversize payload, where as a further adverse effect, a chained encrypted key can lend to high memory and CPU capacity consumption. Some possible solutions could be the adoption of anomaly detection techniques such as the ones proposed in [18][36]Palmieri2010737 and [37]. Nevertheless, the energy-related attacks are very difficult to be detected since they are very simple and easy to implement, but extremely difficult to stop because there is no way to distinguish between legitimate and illegitimate requests and hence no way to filter such traffic.…”

Section: Processing Power Exhaustion Dosesmentioning

confidence: 99%

Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures

Palmieri

Ricciardi

Fiore³

et al. 2014

J Supercomput

Self Cite

View full text Add to dashboard Cite

This work analyzes a new and very subtle kind of security threat that can affect large scale cloudbased IT service infrastructures, by exploiting the computational resources of their component data center in order to waste as much energy as possible. The consequence of these threats range from increased costs in the energy bill, to penalization for exceeding the agreed quantity of green house gases (GHG) emissions, up to complete denial of service caused by electrical outages due to power budget exhaustion.We analyzed the different types of such attacks with their potential impacts on the energy consumption, modeled their behavior and quantified how current energyproportional technologies may provide attackers with great opportunities for raising the target facility emissions and costs. These efforts resulted in a simple model with some parametric reference values that can be used to estimate the impact of such attacks also in presence of very large infrastructures containing thousands or

show abstract

“…Another reason is that several methods for anomaly detection require labeling of normal and/or abnormal behaviors that are not easy to archive [8,9]. In addition, it is not easy to choose a suitable tool for anomaly detection.…”

Section: Introductionmentioning

confidence: 99%

An Anomaly Detection Based on Optimization

Alguliyev¹,

Alıguliyev²,

İmamverdiyev³

et al. 2017

IJISA

View full text Add to dashboard Cite

Abstract-At present, an anomaly detection is one of the important problems in many fields. The rapid growth of data volumes requires the availability of a tool for data processing and analysis of a wide variety of data types. The methods for anomaly detection are designed to detect object's deviations from normal behavior. However, it is difficult to select one tool for all types of anomalies due to the increasing computational complexity and the nature of the data. In this paper, an improved optimization approach for a previously known number of clusters, where a weight is assigned to each data point, is proposed. The aim of this article is to show that weighting of each data point improves the clustering solution. The experimental results on three datasets show that the proposed algorithm detects anomalies more accurately. It was compared to the k-means algorithm. The quality of the clustering result was estimated using clustering evaluation metrics. This research shows that the proposed method works better than k-means on the Australia (credit card applications) dataset according to the Purity, Mirkin and F-measure metrics, and on the heart diseases dataset according to F-measure and variation of information metric.

show abstract

Network anomaly detection with the restricted Boltzmann machine

Cited by 332 publications

References 20 publications

A Novel RNN-GBRBM Based Feature Decoder for Anomaly Detection Technology in Industrial Control Network

A Novel RNN-GBRBM Based Feature Decoder for Anomaly Detection Technology in Industrial Control Network

Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures

An Anomaly Detection Based on Optimization

Contact Info

Product

Resources

About