Statistical and signal‐based network traffic recognition for anomaly detection

Choraś, Michał; Saganowski, Łukasz; Renk, Rafał; Hołubowicz, Witold

doi:10.1111/j.1468-0394.2010.00576.x

Cited by 31 publications

(13 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Residuals are then put into an outlier detection algorithm to make decisions. In addition, [6,[11][12] are other examples of signal-based research for network anomaly detection.…”

Section: A Signal-based Anomaly Detectionmentioning

confidence: 98%

Combining density-based clustering and wavelet methods for internal systems anomaly detection

Liu

Lin

Chen

2011

2011 13th Asia-Pacific Network Operations and Management Symposium

View full text Add to dashboard Cite

Internal information systems play an important role in keeping the enterprises running well. To detect system anomalies, previous research achieved good results with system symptoms; however, the presented results are primarily performed on a relatively small scale and within a short time period. To understand the system's long-term profiles, we collected four common symptom data including CPU usage, memory loading, disk I/O, and network I/O from more than 100 online internal systems that includes 300 servers for 9 months. We randomly selected 50 servers from these servers and analyze their data in order to understand each symptom's long-term features. Based on our findings in network I/O, we propose a new approach combining a density-based clustering and wavelet methods to detect system anomalies. We also select 44 other servers to evaluate the false positive rate and simulate three types of system anomalies to evaluate the detection rate. The experiment results show that our approach has a great improvement on both the false positive rate and the detection rate compared to another wavelet-based network anomaly detection approach.

show abstract

“…Residuals are then put into an outlier detection algorithm to make decisions. In addition, [6,[11][12] are other examples of signal-based research for network anomaly detection.…”

Section: A Signal-based Anomaly Detectionmentioning

confidence: 98%

Combining density-based clustering and wavelet methods for internal systems anomaly detection

Liu

Lin

Chen

2011

2011 13th Asia-Pacific Network Operations and Management Symposium

View full text Add to dashboard Cite

show abstract

“…Although the authors discuss directions to parallelize the algorithm, there is no evaluation focusing on how such system would address the high throughput and low latency analysis challenges addressed by STONE . Choras et al (2012) present an anomaly detection framework based on signal-based features extraction and consider 15 features decomposing featuresignal with a matching pursuit. Signal decomposition is used to create profiles that are later used to detect anomalies.…”

Section: Ddos Defense Based On Expert Systemsmentioning

confidence: 99%

STONE: A streaming DDoS defense framework

Gulisano

Callau-Zori

Zhang

et al. 2015

Expert Systems with Applications

View full text Add to dashboard Cite

“…(B) Related Works. In order to detect anomalies in network, correlate parameters from different layers should be combined [8]. Some papers focus on building a new hierarchical framework for intrusion detection as well as data processing based on the feature classification and selection [9][10][11].…”

Section: Anomaly Detectionmentioning

confidence: 99%

A Universal High-Performance Correlation Analysis Detection Model and Algorithm for Network Intrusion Detection System

Zhu

Liu

Sun

et al. 2017

Mathematical Problems in Engineering

View full text Add to dashboard Cite

In big data era, the single detection techniques have already not met the demand of complex network attacks and advanced persistent threats, but there is no uniform standard to make different correlation analysis detection be performed efficiently and accurately. In this paper, we put forward a universal correlation analysis detection model and algorithm by introducing state transition diagram. Based on analyzing and comparing the current correlation detection modes, we formalize the correlation patterns and propose a framework according to data packet timing and behavior qualities and then design a new universal algorithm to implement the method. Finally, experiment, which sets up a lightweight intrusion detection system using KDD1999 dataset, shows that the correlation detection model and algorithm can improve the performance and guarantee high detection rates.

show abstract

Statistical and signal‐based network traffic recognition for anomaly detection

Cited by 31 publications

References 17 publications

Combining density-based clustering and wavelet methods for internal systems anomaly detection

Combining density-based clustering and wavelet methods for internal systems anomaly detection

STONE: A streaming DDoS defense framework

A Universal High-Performance Correlation Analysis Detection Model and Algorithm for Network Intrusion Detection System

Contact Info

Product

Resources

About