Network anomaly detection based on probabilistic analysis

Cited by: 5
Authors
Park, JinSoo [1 ]
Choi, Dong Hag [1 ]
Jeon, You-Boo [1 ]
Nam, Yunyoung [2 ]
Hong, Min [3 ]
Park, Doo-Soon [3 ]
Affiliations
[1] Soon Chun Hyang Univ, Wellness Coaching Serv Res Ctr, RM U1202,22 Soonchunhyangro, Asan, Choongcheongnam, South Korea
[2] Soon Chun Hyang Univ, Dept Comp Engn, Asan, Choongcheongnam, South Korea
[3] Soon Chun Hyang Univ, Dept Comp Software Engn, Asan, Choongcheongnam, South Korea
Keywords
Anomaly detection; Network intrusion; Traffic flood; DDoS attacks; Mahalanobis distance; INTRUSION DETECTION; MODEL; PARALLEL;
DOI
10.1007/s00500-017-2679-3
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Subject classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
In this paper, we propose a method to detect network intrusions using an anomaly detection technique based on probabilistic analysis. Victims' computers under attack show various symptoms such as degradation of TCP throughput, increase in CPU usage, increased round trip time, frequent disconnection from Web sites, etc. These symptoms can be used as components to construct the k-dimensional feature space of a multivariate normal distribution, in which case an anomaly detection method can be applied for the detection of the attack on the distribution. These features are generally highly correlated. Thus we choose only a few of these features for the anomaly detection in the multivariate normal distribution. We use Mahalanobis distance to detect the anomalies for each data, normal, and abnormal. Anomalies are identified when their square root of Mahalanobis distance exceeds a certain threshold. A detailed description of the threshold setting and the various experiments are discussed in the simulation results.
Pages: 6621 - 6627
Page count: 7
Related papers
50 in total
  • [1] Network anomaly detection based on probabilistic analysis
    JinSoo Park
    Dong Hag Choi
    You-Boo Jeon
    Yunyoung Nam
    Min Hong
    Doo-Soon Park
    Soft Computing, 2018, 22 : 6621 - 6627
  • [2] Network Anomaly Detection Based on Probabilistic Analysis
    Park, JinSoo
    Choi, Dong Hag
    Jeon, You-Boo
    Min, Se Dong
    Park, Doo-Soon
    ADVANCES IN COMPUTER SCIENCE AND UBIQUITOUS COMPUTING, 2017, 421 : 699 - 704
  • [3] PROBABILISTIC ANOMALY DETECTION BASED ON SYSTEM CALLS ANALYSIS
    Maciolek, Przemyslaw
    Krol, Pawel
    Kozlak, Jaroslaw
    COMPUTER SCIENCE-AGH, 2007, 8 : 93 - 108
  • [4] Network Anomaly Detection Based on Wavelet Analysis
    Wei Lu
    Ali A. Ghorbani
    EURASIP Journal on Advances in Signal Processing, 2009
  • [5] Network Anomaly Detection Based on Wavelet Analysis
    Lu, Wei
    Ghorbani, Ali A.
    EURASIP JOURNAL ON ADVANCES IN SIGNAL PROCESSING, 2009,
  • [6] Network Traffic Analysis based on Collective Anomaly Detection
    Ahmed, Mohiuddin
    Mahmood, Abdun Naser
    PROCEEDINGS OF THE 2014 9TH IEEE CONFERENCE ON INDUSTRIAL ELECTRONICS AND APPLICATIONS (ICIEA), 2014, : 1141 - 1146
  • [7] Network Traffic Anomaly Detection Based on Wavelet Analysis
    Du, Zhen
    Ma, Lipeng
    Li, Huakang
    Li, Qun
    Sun, Guozi
    Liu, Zichang
    2018 IEEE/ACIS 16TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING RESEARCH, MANAGEMENT AND APPLICATION (SERA), 2018, : 94 - 101
  • [8] Network Anomaly Detection with Payload-based Analysis
    Ozdel, Suleyman
    Ates, Pelin Damla
    Ates, Cagatay
    Koca, Mutlu
    Anarim, Emin
    2022 30TH SIGNAL PROCESSING AND COMMUNICATIONS APPLICATIONS CONFERENCE, SIU, 2022,
  • [9] Network Anomaly Detection Method Based on Residual Analysis
    Meng Y.
    Qin T.
    Zhao L.
    Ma W.
    Wang H.
    Hsi-An Chiao Tung Ta Hsueh/Journal of Xi'an Jiaotong University, 2020, 54 (01): 42 - 48 and 84
  • [10] An Unsupervised Network Intrusion Detection Based on Anomaly Analysis
    Zhong, Jiang
    Deng, Xiongbing
    Wen, Luosheng
    Feng, Yong
    ICICTA: 2009 SECOND INTERNATIONAL CONFERENCE ON INTELLIGENT COMPUTATION TECHNOLOGY AND AUTOMATION, VOL II, PROCEEDINGS, 2009, : 367 - +