PRACTICAL NETWORK ANOMALY DETECTION USING DATA MINING TECHNIQUES
DOI: https://doi.org/10.21015/vtse.v9i2.403

Abstract

Network anomaly detection is an effective way to detect intrusions and so defend computer systems and networks from attackers on the Internet. In this paper, we survey current research in network anomaly detection and consider several practical solutions to this problem. Unlike signature-based methods, data mining techniques can automatically extract normal patterns from a large set of network data and distinguish normal traffic from anomalous traffic. However, data mining techniques such as classification, clustering, association rules and feature selection cannot be applied to this problem directly, because of the characteristics of network data and of the techniques themselves. We analyze these mismatches and propose adaptations that detect anomalies in a timely and accurate manner.
This work is licensed under a Creative Commons Attribution License CC BY