Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Novel Approach for Network Traffic Pattern Analysis using Clustering-based Collective Anomaly Detection

Novel Approach for Network Traffic Pattern Analysis using Clustering-based Collective Anomaly... There is increasing interest in the data mining and network management communities in improving existing techniques for the prompt analysis of underlying traffic patterns. Anomaly detection is one such technique for detecting abnormalities in many different domains, such as computer network intrusion, gene expression analysis, financial fraud detection and many more. Clustering is a useful unsupervised method for both identifying underlying patterns in data and anomaly detection. However, existing clustering-based techniques have high false alarm rates and consider only individual data instances for anomaly detection. Interestingly, there are traffic flows which seem legitimate but are targeted at disrupting a normal computing environment, such as the Denial of Service (DoS) attack. The presence of such anomalous data instances explains the poor performances of existing clustering-based anomaly detection techniques. In this paper, we formulate the problem of detecting DoS attacks as a collective anomaly which is a pattern in the data when a group of similar data instances behave anomalously with respect to the entire dataset. We propose a framework for collective anomaly detection using a partitional clustering technique to detect anomalies based on an empirical analysis of an attack’s characteristics. We validate our approach by comparing its results with those from existing techniques using benchmark datasets. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Annals of Data Science Springer Journals

Novel Approach for Network Traffic Pattern Analysis using Clustering-based Collective Anomaly Detection

Ahmed, Mohiuddin; Mahmood, Abdun
Annals of Data Science , Volume 2 (1) – May 14, 2015
Download PDF
20 pages

Loading next page...
 
/lp/springer-journals/novel-approach-for-network-traffic-pattern-analysis-using-clustering-dzUMdGUmpX
Publisher
Springer Journals
Copyright
Copyright © 2015 by Springer-Verlag Berlin Heidelberg
Subject
Economics / Management Science; Business/Management Science, general; Statistics for Business/Economics/Mathematical Finance/Insurance; Computing Methodologies
ISSN
2198-5804
eISSN
2198-5812
DOI
10.1007/s40745-015-0035-y
Publisher site
See Article on Publisher Site

Abstract

There is increasing interest in the data mining and network management communities in improving existing techniques for the prompt analysis of underlying traffic patterns. Anomaly detection is one such technique for detecting abnormalities in many different domains, such as computer network intrusion, gene expression analysis, financial fraud detection and many more. Clustering is a useful unsupervised method for both identifying underlying patterns in data and anomaly detection. However, existing clustering-based techniques have high false alarm rates and consider only individual data instances for anomaly detection. Interestingly, there are traffic flows which seem legitimate but are targeted at disrupting a normal computing environment, such as the Denial of Service (DoS) attack. The presence of such anomalous data instances explains the poor performances of existing clustering-based anomaly detection techniques. In this paper, we formulate the problem of detecting DoS attacks as a collective anomaly which is a pattern in the data when a group of similar data instances behave anomalously with respect to the entire dataset. We propose a framework for collective anomaly detection using a partitional clustering technique to detect anomalies based on an empirical analysis of an attack’s characteristics. We validate our approach by comparing its results with those from existing techniques using benchmark datasets.

Journal

Annals of Data ScienceSpringer Journals

Published: May 14, 2015

References

  • A taxonomy of network and computer attacks
    Hansman, S; Hunt, R
  • Optimization based data mining: theory and applications
    Shi, Y; Tian, Y; Kou, G; Peng, Y; Li, J
  • Multiple criteria optimization-based data mining methods and applications: a systematic survey
    Shi, Y
  • An intrusion-detection model
    Denning, DE
  • Anomaly detection in ip networks
    Thottan, M; Ji, C
  • Data clustering: a review
    Jain, AK; Murty, MN; Flynn, PJ
  • Anomaly extraction in backbone networks using association rules
    Brauckhoff, D; Dimitropoulos, X; Wagner
  • Data warehousing and data mining techniques for intrusion detection systems
    Singhal, A; Jajodia, S
  • Multivariate analysis
    Mardia, KV; Kent, JT; Bibby, JM
  • An investigation of performance analysis of anomaly detection techniques for big data in scada systems
    Ahmed, M; Anwar, A; Mahmood, AN; Shah, Z; Maher, MJ
  • Nearest-neighbor and clustering based anomaly detection algorithms for rapidminer
    Mennatallah Amer, MG
  • Discovering cluster based local outliers
    He, Z; Xu, X; Deng, S
  • Application of sampling methodologies to network traffic characterization
    Claffy, KC; Polyzos, GC; Braun, H-W
  • Intelligent web traffic mining and analysis
    Wang, X; Abraham, A; Smith, KA
  • Intelligent rate control for supporting real-time traffic in WLAN mesh networks
    Zhu, R
  • Data summarization for network traffic monitoring
    Hoplaros, D; Tari, Z; Khalil, I