An Abnormal Network Traffic Detection Algorithm Based on Big Data Analysis

Authors

  • Haipeng Yao Beijing University of Posts and Telecommunications
  • Yiqing Liu State Key Laboratory of Networking and Switching Technology Beijing University of Posts and Telecommunications No 10, Xitucheng Road, Haidian District, Beijing, PRC
  • Chao Fang 1. Beijing Advanced Innovation Center for Future Internet Technology Beijing University of Technology 100 Ping Le Yuan, Chaoyang District, Beijing, PRC fangchao.bupt@gmail.com 2. College of Electronic Information and Control Engineering Beijing University of Technology 100 Ping Le Yuan, Chaoyang District, Beijing, PRC

Keywords:

Anomaly Traffic Detection, Big Data, K-means, Decision Tree, Random Forest

Abstract

Anomaly network detection is a very important way to analyze and detect malicious behavior in network. How to effectively detect anomaly network flow under the pressure of big data is a very important area, which has attracted more and more researchers’ attention. In this paper, we propose a new model based on big data analysis, which can avoid the influence brought by adjustment of network traffic distribution, increase detection accuracy and reduce the false negative rate. Simulation results reveal that, compared with k-means, decision tree and random forest algorithms, the proposed model has a much better performance, which can achieve a detection rate of 95.4% on normal data, 98.6% on DoS attack, 93.9% on Probe attack, 56.1% on U2R attack, and 77.2% on R2L attack.

References

Patcha, A.; Park, J.M. (2007); An overview of anomaly detection techniques: Existing solutions and latest technological trends, Computer Networks, ISSN 1389-1286, 51(12): 3448- 3470.

Lazarevic, A.; Kumar, V.; Srivastava, J. (2005); Intrusion detection: A survey, Managing Cyber Threats, ISSN 0924-6703, 5: 19-78.

Axelsson, S. (1998); Research in intrusion-detection systems: a survey, Department of Computer Engineering, Chalmers University of Technology, Goteborg. Sweden, Technical Report 98-17.

Om, H.; Kundu, A. (2012); A hybrid system for reducing the false alarm rate of anomaly intrusion detection system, IEEE 1st International Conference on Recent Advances in Information Technology (RAIT), ISBN 978-1-4577-0694-3, 131-136.

Kaisler, S. et al (2013); Big data: Issues and challenges moving forward, IEEE 46th Hawaii International Conference on System Sciences (HICSS), ISSN 1530-1605, 995-1004.

Michael, K.; Miller, K.W. (2013); Big Data: New Opportunities and New Challenges, Computer, ISSN 0018-9162, 46(6):22-24.

Russom, P. et al (2011); Big Data Analytics, TDWI Best Practices Report, Fourth Quarter.

Fan, W.; Bifet, A. (2013); Mining big data: current status, and forecast to the future, ACM SIGKDD Explorations Newsletter, ISSN 1931-0145, 14(2): 1-5.

James, G. et al (2013); An introduction to statistical learning, Springer, ISSN 1431-875X.

Guan, Y.; Ghorbani, A.A.; Belacel, N. (2003); Y-means: A clustering method for intrusion detection, IEEE Canadian Conference on Electrical and Computer Engineering, ISSN 0840- 7789, 2:1083-1086.

Quinlan, J.R. (1993); C4.5: Programs for Machine Learning, Morgan Kaufmann Publishers Inc., ISBN 1558602402.

Elbasiony, R.M. et al (2013); A hybrid network intrusion detection framework based on random forests and weighted k-means, Ain Shams Engineering Journal, ISSN 2090-4479, 4(4): 753-762.

KDD Cup 1999, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. May 2015

Lippmann, R.P. et al (2000); Evaluating intrusion detection systems: The 1998 DARPA offline intrusion detection evaluation, IEEE Proceedings of DARPA Information Survivability Conference and Exposition (DISCEX), ISBN 0-7695-0490-6, 2:12-26.

Tavallaee, M. et al (2009); A detailed analysis of the KDD CUP 99 data set, Proceedings of the Second IEEE Symposium on Computational Intelligence for Security and Defence Applications (CISDA), ISBN 978-1-4244-3763-4, 1-6.

Pfahringer, B. (2000); Winning the KDD99 classification cup: bagged boosting, ACM SIGKDD Explorations Newsletter, ISSN 1931-0145, 1(2): 65-66.

Yu, G. D. et al (2014); Multi-objective rescheduling model for product collaborative design considering disturbance, International journal of simulation modelling, ISSN 1726-4529, 13(4): 472-484.

Gusel, L. R. et al (2015); Genetic based approach to predicting the elongation of drawn alloy, International journal of simulation modelling, ISSN 1726-4529, 14(1): 39-47.

Prasad, K. et al (2016); A knowledge-based system for end mill selection, Advances in Production Engineering & Management, ISSN 1856-6250, 11(1): 15-28.

Published

2016-07-04

Issue

Vol. 11 No. 4 (2016): International Journal of Computers Communications & Control (August)

Section

Articles

License

ONLINE OPEN ACCES: Acces to full text of each article and each issue are allowed for free in respect of Attribution-NonCommercial 4.0 International (CC BY-NC 4.0.

You are free to:

-Share: copy and redistribute the material in any medium or format;

-Adapt: remix, transform, and build upon the material.

The licensor cannot revoke these freedoms as long as you follow the license terms.

 

DISCLAIMER: The author(s) of each article appearing in International Journal of Computers Communications & Control is/are solely responsible for the content thereof; the publication of an article shall not constitute or be deemed to constitute any representation by the Editors or Agora University Press that the data presented therein are original, correct or sufficient to support the conclusions reached or that the experiment design or methodology is adequate.

Most read articles by the same author(s)

Obs.: This plugin requires at least one statistics/report plugin to be enabled. If your statistics plugins provide more than one metric then please also select a main metric on the admin's site settings page and/or on the journal manager's settings pages.