Autonomous profile-based anomaly detection system using principal component analysis and flow analysis

Different techniques and methods have been widely used in the subject of automatic anomaly detection in computer networks. Attacks, problems and internal failures when not detected early may badly harm an entire Network system. Thus, an autonomous anomaly detection system based on the statistical method principal component analysis (PCA) is proposed. This approach creates a network profile called Digital Signature of Network Segment using Flow Analysis (DSNSF) that denotes the predicted normal behavior of a network traffic activity through historical data analysis. That digital signature is used as a threshold for volume anomaly detection to detect disparities in the normal traffic trend. The proposed system uses seven traffic flow attributes: bits, packets and number of flows to detect problems, and source and destination IP addresses and Ports, to provides the network administrator necessary information to solve them. Via evaluation techniques performed in this paper using real network traffic data, results showed good traffic prediction by the DSNSF and encouraging false alarm generation and detection accuracy on the detection schema using thresholds. (C) 2015 Elsevier B.V. All rights reserved.