Network Anomaly Detection based on Multi-scale Dynamic Characteristics of Traffic
Keywords:
network anomaly detection, multi-scale dynamic characteristics, recurrence analysis, WRC detection model
Abstract
This paper proposes a novel detection engine, called the Wavelet-Recurrence-Clustering (WRC) detection model, for the network anomaly detection problem, which is of wide interest in Internet security. The WRC model first applies the wavelet transform and recurrence analysis to calculate the multi-scale dynamic characteristics of network traffic, and then identifies network anomalies by running a clustering algorithm on those dynamic characteristics. The evaluation results on the DARPA 1999 dataset indicate that the WRC detection model can effectively improve detection accuracy with a low false alarm rate.
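The three stages named in the abstract (wavelet transform, recurrence analysis, clustering) can be chained as in the following added sketch, which is not the paper's code. The Haar wavelet, the recurrence rate as the per-scale characteristic, the threshold of twice the median detail magnitude, 2-means with the minority cluster flagged, and the synthetic trace (not DARPA 1999) are all assumptions made for illustration.

```python
import math, random, statistics

def haar_details(x, levels):
    """Haar DWT detail coefficients, one list per scale (wavelet choice is an assumption)."""
    a, out = list(x), []
    for _ in range(levels):
        pairs = list(zip(a[0::2], a[1::2]))
        out.append([(p - q) / math.sqrt(2) for p, q in pairs])
        a = [(p + q) / math.sqrt(2) for p, q in pairs]
    return out

def recurrence_rate(s, eps, m=2):
    """Recurrence-plot density: share of m-embedded point pairs closer than eps."""
    pts = [s[i:i + m] for i in range(len(s) - m + 1)]
    near = lambda u, v: max(abs(a - b) for a, b in zip(u, v)) < eps
    hits = sum(near(u, v) for i, u in enumerate(pts) for j, v in enumerate(pts) if i != j)
    return hits / (len(pts) * (len(pts) - 1))

def two_means(feats, iters=20):
    """k-means with k=2, seeded with the first point and the point farthest from it."""
    dist = lambda a, b: sum((x - y) ** 2 for x, y in zip(a, b))
    cents = [feats[0], max(feats, key=lambda f: dist(f, feats[0]))]
    for _ in range(iters):
        labels = [min((0, 1), key=lambda k: dist(f, cents[k])) for f in feats]
        for k in (0, 1):
            members = [f for f, l in zip(feats, labels) if l == k]
            if members:
                cents[k] = [sum(c) / len(members) for c in zip(*members)]
    return labels

def detect(traffic, win=128, levels=2):
    """Return indices of windows whose multi-scale recurrence features fall in the minority cluster."""
    wins = [traffic[i:i + win] for i in range(0, len(traffic) - win + 1, win)]
    details = [haar_details(w, levels) for w in wins]
    # Per-scale threshold from the whole trace; the median is robust to a short burst.
    eps = [2 * statistics.median(abs(c) for d in details for c in d[s]) for s in range(levels)]
    feats = [[recurrence_rate(d[s], eps[s]) for s in range(levels)] for d in details]
    labels = two_means(feats)
    minority = min((0, 1), key=labels.count)  # assumption: anomalies are rare
    return [i for i, l in enumerate(labels) if l == minority]

def sample_traffic(seed=7, n=2048, burst=(1536, 1792)):
    """Constructed packets-per-interval trace: steady noise plus an erratic burst."""
    rng = random.Random(seed)
    x = [rng.gauss(100, 5) for _ in range(n)]
    for i in range(*burst):
        x[i] += rng.uniform(0, 200)
    return x

if __name__ == "__main__":
    print(detect(sample_traffic()))  # burst covers windows 12 and 13
```

Normal windows recur often at every scale, while the burst windows almost never revisit earlier states within the threshold, so the two groups separate cleanly in feature space.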
License
ONLINE OPEN ACCESS: Access to the full text of each article and each issue is allowed for free under Attribution-NonCommercial 4.0 International (CC BY-NC 4.0).
You are free to:
- Share: copy and redistribute the material in any medium or format;
- Adapt: remix, transform, and build upon the material.
The licensor cannot revoke these freedoms as long as you follow the license terms.
DISCLAIMER: The author(s) of each article appearing in International Journal of Computers Communications & Control is/are solely responsible for the content thereof; the publication of an article shall not constitute or be deemed to constitute any representation by the Editors or Agora University Press that the data presented therein are original, correct or sufficient to support the conclusions reached or that the experiment design or methodology is adequate.