Using Generalized Entropies and OC-SVM with Mahalanobis Kernel for Detection and Classification of Anomalies in Network Traffic

Santiago-Paz, Jayro; Torres-Roman, D.; Figueroa-Ypiña, Angel; Argaez-Xool, Jesus

doi:10.3390/e17096239

Cited by 11 publications

(12 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The window sizes most commonly used are: 5 min [15,16,[23][24][25], 30 min, 1 min, 100 sec, 5 sec and 0.5 sec. Some researchers use windows with a fixed length L = 4096 [19], 1000 [26], and 32 [4] packets. Therefore, the main objective of windowing is to reduce the data volume.…”

Section: Windowing In Network Trafficmentioning

confidence: 99%

“…Santiago-Paz et al (2014) [19] present the Entropy and Mahalanobis Distance (EMD) based Algorithm to define elliptical regions in the feature space. In [4], OC-SVM and k-temporal nearest neighbors are used to improve accuracy in classification.…”

Section: Classificationmentioning

confidence: 99%

“…A generic architecture of entropy-based A-NIDS is presented in figure 1, see [4]. It usually consists of two stages: the training and the testing stage.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

On Entropy in Network Traffic Anomaly Detection

Santiago-Paz

Torres-Roman

2015

Proceedings of 2nd International Electronic Conference on Entropy and Its Applications

Self Cite

View full text Add to dashboard Cite

Different systems, e.g., the anomaly-based network intrusion detection system (A-NIDS), have been continuously developed in order to ensure integrity, availability, and confidentiality of networks. In this paper, we present a structured and comprehensive overview of the research into entropy-based A-NIDS with the intention of providing researchers a quick introduction to essential aspects of this topic. The main components of the general architecture of A-NIDS based on Entropy are discussed. The achieved high detection rates prove the effective use of entropy. Finally, some open issues in entropy-based network traffic anomaly detection are also highlighted.

show abstract

Section: Windowing In Network Trafficmentioning

confidence: 99%

Section: Classificationmentioning

confidence: 99%

See 1 more Smart Citation

On Entropy in Network Traffic Anomaly Detection

Santiago-Paz

Torres-Roman

2015

Proceedings of 2nd International Electronic Conference on Entropy and Its Applications

Self Cite

View full text Add to dashboard Cite

show abstract

“…Model selection is to seek proper values of hyper-parameters commonly by means of cross-validation and grid search [32]. The k-fold cross-validation [12,13] partitions the training data into k disjoint subsets of approximately equal size. A series of k models are then trained, each using a different combination of k´1 subsets.…”

Section: Kernel Function and Model Selectionmentioning

confidence: 99%

“…Recently, kernel methods have been identified as one of the leading means for pattern classification and function approximation, and successfully applied in various fields [8][9][10][11][12][13][14]. Support vector machine (SVM), initially developed by Vapnik for pattern classification, is one of the most used models.…”

Section: Introductionmentioning

confidence: 99%

Product Design Time Forecasting by Kernel-Based Regression with Gaussian Distribution Weights

Shang

Yan

2016

Entropy

View full text Add to dashboard Cite

There exist problems of small samples and heteroscedastic noise in design time forecasts. To solve them, a kernel-based regression with Gaussian distribution weights (GDW-KR) is proposed here. GDW-KR maintains a Gaussian distribution over weight vectors for the regression. It is applied to seek the least informative distribution from those that keep the target value within the confidence interval of the forecast value. GDW-KR inherits the benefits of Gaussian margin machines. By assuming a Gaussian distribution over weight vectors, it could simultaneously offer a point forecast and its confidence interval, thus providing more information about product design time. Our experiments with real examples verify the effectiveness and flexibility of GDW-KR.

show abstract

A study of detection of abnormal network traffic: A comparison of multiple algorithms

2021

Security and Privacy

View full text Add to dashboard Cite

The detection of abnormal traffic in networks is of great value for maintaining network security. This article gives a brief introduction of abnormal traffic and compares the performance of three algorithms, the support vector domain description algorithm, the gradient boosting decision tree algorithm, and the extreme learning machine-k-nearest neighbor (ELM-KNN) algorithm. Experiments were carried out on the NSL-KDD dataset. It was found that the accuracies of the three algorithms were 0.8327, 0.8679, and 0.9468, the recall rates were 0.6764, 0.7236, and 0.8997, the F1-scores were 0.7898, 0.8364, and 0.9578, and the false alarm rates were 0.3236, 0.2764, and 0.1003. The running time of the ELM-KNN algorithm was far less than the other two algorithms. The experimental results verify the effectiveness of the ELM-KNN algorithm in abnormal network traffic detection. The ELM-KNN algorithm can be further promoted and applied in practice.

show abstract

Using Generalized Entropies and OC-SVM with Mahalanobis Kernel for Detection and Classification of Anomalies in Network Traffic

Cited by 11 publications

References 25 publications

On Entropy in Network Traffic Anomaly Detection

On Entropy in Network Traffic Anomaly Detection

Product Design Time Forecasting by Kernel-Based Regression with Gaussian Distribution Weights

A study of detection of abnormal network traffic: A comparison of multiple algorithms

Contact Info

Product

Resources

About