A Study on High-Speed Outlier Detection Method of Network Abnormal Behavior Data Using Heterogeneous Multiple Classifiers

Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection

2006 IEEE International Conference on Communications, 2006

Anomaly detection is a critical issue in Network Intrusion Detection Systems (NIDSs). Most anomaly-based NIDSs employ supervised algorithms, whose performance highly depends on attack-free training data. However, this kind of training data is difficult to obtain in a real-world network environment. Moreover, with a changing network environment or services, the patterns of normal traffic will change. This leads to a high false positive rate for supervised NIDSs. Unsupervised outlier detection can overcome the drawbacks of supervised anomaly detection. Therefore, we apply one of the efficient data mining algorithms, the random forests algorithm, in anomaly-based NIDSs. Without attack-free training data, the random forests algorithm can detect outliers in datasets of network traffic. In this paper, we discuss our framework of anomaly-based network intrusion detection. In the framework, patterns of network services are built by the random forests algorithm over traffic data. Intrusions are detected by determining outliers related to the built patterns. We present the modification on the outlier detection algorithm of random forests. We also report our experimental results over the KDD'99 dataset. The results show that the proposed approach is comparable to previously reported unsupervised anomaly detection approaches evaluated over the KDD'99 dataset.

A multi-step outlier-based anomaly detection approach to network-wide traffic

Information Sciences, 2016

Outlier detection is of considerable interest in fields such as physical sciences, medical diagnosis, surveillance detection, fraud detection and network anomaly detection. The data mining and network management research communities are interested in improving existing score-based network traffic anomaly detection techniques because of ample scopes to increase performance. In this paper, we present a multi-step outlier-based approach for detection of anomalies in network-wide traffic. We identify a subset of relevant traffic features and use it during clustering and anomaly detection. To support outlier-based network anomaly identification, we use the following modules: a mutual information and generalized entropy based feature selection technique to select a relevant non-redundant subset of features, a tree-based clustering technique to generate a set of reference points and an outlier score function to rank incoming network traffic to identify anomalies. We also design a fast distributed feature extraction and data preparation framework to extract features from raw network-wide traffic. We evaluate our approach in terms of detection rate, false positive rate, precision, recall and F-measure using several high dimensional synthetic and real-world datasets and find the performance superior in comparison to competing algorithms.

Data Mining Implementation for Detection of Anomalies in Network Traffic Packets Using Outlier Detection Approach

JIKO (Jurnal Informatika dan Komputer)

The large number of data packet records of network traffic can be used to evaluate the quality of a network as well as to analyze the occurrence of anomalies in the network, both related to network security and network performance. Based on the data obtained, the occurrence of anomalies in computer networks cannot be attributed specifically to particular traffic packets. Meanwhile, monitoring network traffic packets manually requires a lot of time and resources, making it difficult to detect potential anomaly events more specifically. This study analyzes network packet traffic data to find records that include anomalies with an outlier detection approach, using the Isolation Forest algorithm to detect outliers in network traffic packet data, with the result that the minority class, outliers, comprises 1,643 records (4.86%), while inliers comprise 32,098 records (95.13%). The expert attributes that contain expert information are then checked and filtered. The outlier detection results were classif...

Feature Classification and Outlier Detection to Increased Accuracy in Intrusion Detection System

2018

Day by day, targeted network attacks are steadily increasing and evolving, forcing businesses to revamp their network security systems due to possible data and capital losses. Intrusion Detection Systems are a very important element of almost any security system. The key feature of an IDS is the active detection of unauthorized access that tries to compromise the confidentiality, availability and integrity of computers or computer networks. Many researchers have already developed security and advanced techniques to explore technologies to detect cyber attacks with the DARPA 1998 dataset for Intrusion Detection and its improved versions, the KDD Cup'99, NSL-KDD Cup and GureKDDcup datasets. In this research, we evaluate the use of five ML classification algorithms to deal with the attack classification problem. They are SVM, Naive Bayes, KNN, the Decision Tree based C4.5 (J48) and the Random Forest algorithm. The project objective is to compare if some of the newer dataset and the most...

Outlier Detection in Network Traffic Monitoring

Proceedings of the 10th International Conference on Pattern Recognition Applications and Methods

Network traffic monitoring becomes, year by year, an increasingly important branch of network infrastructure maintenance. There exist many dedicated tools for on-line network traffic monitoring that can defend against the typical (and known) types of attacks by blocking some parts of the traffic immediately. However, there may occur some yet unknown risks in network traffic whose statistical description should be reflected as slow-in-time changing characteristics. Such non-rapidly changing variable values probably should not be detectable by on-line tools. Still, it is possible to detect these changes with data mining methods. In the paper, the popular anomaly detection methods with the application of the moving window procedure are presented as one of the approaches for anomaly (outlier) detection in network traffic monitoring. The paper presents results obtained on the real outer traffic data, collected in the Institute.

2 RESEARCH CONTEXT

RegSOC is a specialized Security Operations Centre (SOC), mainly for public institutions. Each SOC is based on three pillars: people, processes and technology. Highly qualified cybersecurity specialists of

Applying Outlier Detection Techniques in Anomaly-based Network Intrusion Systems – A Theoretical Analysis

2015

With the advent of the Internet, security has become a major concern. An intrusion detection system is used to enhance the security of networks by inspecting all inbound and outbound network activities and by identifying suspicious patterns as possible intrusions. For the past two decades, many researchers have been working on Intrusion Detection Systems. In recent years, anomaly detection has gained popularity with its ability to detect novel attacks. Nowadays researchers focus on applying outlier detection techniques for anomaly detection because of their promising results in identifying true attacks and in reducing the false alarm rate. In this paper, some of the works which applied outlier analysis in anomaly detection are studied and their results are analyzed.

An Isolation Forest Learning Based Outlier Detection Approach for Effectively Classifying Cyber Anomalies

ArXiv, 2020

Cybersecurity has recently gained considerable interest in today's security issues because of the popularity of the Internet-of-Things (IoT), the considerable growth of mobile networks, and many related apps. Therefore, detecting numerous cyber-attacks in a network and creating an effective intrusion detection system play a vital role in today's security. In this paper, we present an Isolation Forest Learning-Based Outlier Detection Model for effectively classifying cyber anomalies. In order to evaluate the efficacy of the resulting Outlier Detection model, we also use several conventional machine learning approaches, such as Logistic Regression (LR), Support Vector Machine (SVM), AdaBoost Classifier (ABC), Naive Bayes (NB), and K-Nearest Neighbor (KNN). The effectiveness of our proposed Outlier Detection model is evaluated by conducting experiments on a Network Intrusion Dataset with evaluation metrics such as precision, recall, F1-score, and accuracy. Experimental results s...

COMPARATIVE ANALYSIS OF K-MEANS DATA MINING AND OUTLIER DETECTION APPROACH FOR NETWORK-BASED INTRUSION DETECTION

New kinds of intrusions cause deviations in the normal behaviour of traffic flow in computer networks every day. This study focused on enhancing the learning capabilities of IDS to detect the anomalies present in a network traffic flow by comparing the k-means approach of data mining for intrusion detection and the outlier detection approach. The k-means approach uses clustering mechanisms to group the traffic flow data into normal and abnormal clusters. Outlier detection calculates an outlier score (neighbourhood outlier factor (NOF)) for each flow record, whose value decides whether a traffic flow is normal or abnormal. These two methods were then compared in terms of various performance metrics and the amount of computer resources consumed by them. Overall, k-means was more accurate and precise and had a better classification rate than outlier detection in intrusion detection using traffic flows. This will help systems administrators in their choice of IDS.

Classification Ensemble Based Anomaly Detection in Network Traffic

Review of Computer Engineering Research, 2019

Recently, the expansion of information technologies and the exponential increase of digital data have further deepened the security and confidentiality issues in computer networks. In the Big Data era, information security has become the main direction of scientific research, and Big Data analytics is considered to be the main tool in the solution of the information security issue. Anomaly detection is one of the main issues in data analysis and is used widely for detecting network threats. The potential sources of outliers can be noise and errors, events, and malicious attacks on the network. In this work, a short review of network anomaly detection methods is given and related works are examined. In the article, a more exact and simple multi-classifier model is proposed for anomaly detection in network traffic based on Big Data. Experiments have been performed on the NSL-KDD data set using Weka. The offered model has shown decent results in terms of anomaly detection accuracy. Contribution/Originality: This study proposed a multi-classifier model for increasing anomaly detection accuracy in network traffic. The model consists of the J48, LogitBoost, IBk, AdaBoost and RandomTree classifiers. This work performed a comparative analysis of the used classifiers and their combination to see which one will give the best result. In the study, the classifiers and their combination have been implemented on the NSL-KDD open source dataset using the WEKA tool. The results show that the ensemble classifiers provide a better result than using these classifiers individually. Computer network traffic analysis with employment of our model can help network engineers and administrators to create a more reliable network, avoid possible discharges and take precautionary measures.

Analysis of Various Machine Learning Approach to Detect Anomaly from Network Traffic

International journal of computer science and mobile computing, 2022

Although conventional network security measures have been effective up until now, machine learning techniques are a strong contender in the present network environment due to their flexibility. In this study, we evaluate how well the latter can identify security issues in a corporate network setting. In order to do so, we configure and contrast a number of models to determine which one best fits our demands. In addition, we spread the computational load and storage to support large quantities of data. Our model-building methods are Random Forest and Naive Bayes.