Studies in applying PCA and wavelet algorithms for network traffic anomaly detection

Novakov, Stevan; Lung, Chung-Horng; Lambadaris, Ioannis; Seddigh, Nabil

doi:10.1109/hpsr.2013.6602310

Cited by 22 publications

(9 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, in order to analyze network traffic and detect anomalous connections from each network flow, IP address and port of the source and the destination host as well as number of transferred bytes can be extracted [NLLS11]. To solve a face recognition problem, the features extracted from a face image can involve coordinates of eyes, nasal wings and corners of the mouth [RHB11].…”

Section: Feature Extractionmentioning

confidence: 99%

Detection of zero-day malware based on the analysis of opcode sequences

Zolotukhin

Hämäläinen

2014

2014 IEEE 11th Consumer Communications and Networking Conference (CCNC)

View full text Add to dashboard Cite

Esitetään Jyväskylän yliopiston informaatioteknologian tiedekunnan suostumuksella julkisesti tarkastettavaksi yliopiston vanhassa juhlasalissa S212 toukokuun 22. päivänä 2014 kello 12.Academic dissertation to be publicly discussed, by permission of the Faculty of Information Technology of the University of Jyväskylä, in building Seminarium, auditorium S212 on May 22, 2014 at 12 o'clock noon. UNIVERSITY OF JYVÄSKYLÄ JYVÄSKYLÄ 2014On This work focuses on the application of different methods and algorithms of data mining to various problems encountered in mobile networks and computer systems. Data mining is the process of analysis of a dataset in order to extract knowledge patterns and construct a model for further use based on these patterns. This process involves three main phases: data preprocessing, data analysis and validation of the obtained model. All these phases are discussed in this study. The most important steps of each phase are presented and several methods of their implementation are described. In addition, several case studies devoted to different problems in the field of computer science are presented in the dissertation. Each of these studies employs one or more data mining techniques to solve a posed problem. Firstly, optimal positions of relay stations in WiMAX multihop networks are calculated with the help of genetic algorithm. Next, the prediction of the next mobile user location is carried out based on the analysis of spatial-temporal trajectories and application of several classifying methods. After that, the use of clustering and anomaly detection techniques for the detection of anomalous HTTP requests is presented. Finally, the data mining approach is applied for the detection and classification of malicious software. These case studies show that data mining methods can help to solve many different problems related to mobile networking and network security. LIST OF FIGURES LIST OF TABLES

show abstract

Section: Feature Extractionmentioning

confidence: 99%

Detection of zero-day malware based on the analysis of opcode sequences

Zolotukhin

Hämäläinen

2014

2014 IEEE 11th Consumer Communications and Networking Conference (CCNC)

View full text Add to dashboard Cite

show abstract

“…Feature extraction reduce the representation of data to increase the performance of data processing since analyzing the full size raw data is time consuming and decrease the accuracy of output. For instance, to analyze network traffic for network-based intrusion detection, the application should gather the data from routers and extract information such as number of transferred bytes, packets, networks flows, IP addresses, protocol, port numbers and other useful features of network traffic for intrusion detection (Guyon & Elisseeff 2003, Liu & Yu 2005, Novakov et al 2013. Many researchers are suggesting using network flows for intrusion detection purposes .…”

Section: Data Selection and Feature Extractionmentioning

confidence: 99%

A real time unsupervised NIDS for detecting unknown and encrypted network attacks in high speed network

Amoli

Hämäläinen

2013

2013 IEEE International Workshop on Measurements &Amp; Networking (M&N)

View full text Add to dashboard Cite

“…(ii) The machine-learning based approach [6][7][8] may encounter the following problems: firstly, it is difficult to select distribution functions and solve the parameters due to lack of samples; secondly, it is a time-consuming task to detect the anomalies when the dimensionality of the traffic and the size of its features expand dramatically. (iii) The signal-processing based approach [9][10][11] cannot recognise the small characteristic variations underlying in the traffic and obtain satisfactory classification results due to the slight fluctuation of the traffic.…”

Section: Introductionmentioning

confidence: 99%

“…Due to its special characteristics, some new challenges will emerge when the common‐used anomalous traffic detection techniques are applied to the controlled network including: (i) The statistics‐analysis based approach [3–5] cannot detect and discover the anomalous traffic occurring in a long interval or with subtle variations in the controlled network due to its relatively stable traffic characteristics. (ii) The machine‐learning based approach [6–8] may encounter the following problems: firstly, it is difficult to select distribution functions and solve the parameters due to lack of samples; secondly, it is a time‐consuming task to detect the anomalies when the dimensionality of the traffic and the size of its features expand dramatically. (iii) The signal‐processing based approach [9–11] cannot recognise the small characteristic variations underlying in the traffic and obtain satisfactory classification results due to the slight fluctuation of the traffic. …”

Section: Introductionmentioning

confidence: 99%

Detecting anomalous traffic in the controlled network based on cross entropy and support vector machine

Han

Xue

Yan

2019

IET Information Security

View full text Add to dashboard Cite

Network anomaly detection is an effective way for analysing and detecting malicious attacks. However, the typical anomaly detection techniques cannot perform the desired effect in the controlled network just as in the general network. In the circumstance of the controlled network, the detection performance will be lowered due to its special characteristics including the stronger regularity, higher dimensionality and subtler fluctuation of its traffic. On the motivation, the study proposes a novel classifier framework based on cross entropy and support vector machine (SVM). The technique first subtracts the representative traffic characteristics from the network traffic and defines a 7-tuple feature vector for the controlled network by extending the traditional 5-tuple representation of the usual network. Then the probability distributions and cross entropies of the 7 tuples are calculated during the defined statistical window so as to generate the 7-tuple cross-entropy feature vector for profiling the network traffic fluctuation in the controlled network. Finally, the multi-class SVM classifier is trained by importing the 7-tuple cross-entropy feature vectors. Experimental results show that the proposed classifier can achieve higher detection rates and is more suitable to be used in the controlled network than the typical detection techniques. Nomenclature S ip source address of the network session S port source port of the network session D ip destination address of the network session D port destination port of the network session In number of source nodes that is connecting with the observed node in the network session Out number of destination nodes that the observed node is connected within the network session Vel corresponding traffic rates of the different connections in the network session

show abstract

Studies in applying PCA and wavelet algorithms for network traffic anomaly detection

Cited by 22 publications

References 20 publications

Detection of zero-day malware based on the analysis of opcode sequences

Detection of zero-day malware based on the analysis of opcode sequences

A real time unsupervised NIDS for detecting unknown and encrypted network attacks in high speed network

Detecting anomalous traffic in the controlled network based on cross entropy and support vector machine

Contact Info

Product

Resources

About