PRACTICAL NETWORK ANOMALY DETECTION USING DATA MINING TECHNIQUES

Xiejun Ni, Daojing He, Farooq Ahmad

Abstract


Network anomaly detection is an effective way to detect intrusions which defends our computer systems or network from attackers on the Internet. In this paper, we introduce the current research works in network anomaly detection and consider serveral pratical solutions for this issue. Different from signature-based method, data mining techniques can automatically extract normal pattern from a large set of network data and distinguish them from each other. However, those data mining techniques, such as classification, clustering, association rules and feature selection, can not be applied into this problem directly due to the characteristic of network data and technique themseleves. We analyze those unfitness and propose some adaptation to detect anomaly timely and accurately.

Full Text:

PDF

References


Roesch M. (1999).Snort: Lightweight Intrusion Detection for NetworksLISA. 99(1):229-238.

Patcha A, Park J M. (2007).An overview of anomaly detection techniques: Existing solutions and latest technological trends. Computer networks, 51(12): 3448-3470.

Luo Y B, Wang B S, Sun Y P, et al. (2013) FL-LPVG: An approach for anomaly detection based on low-level limited penetrable visibility graph.

Tran Q A, Duan H, Li X. (2004).One-class support vector machine for anomaly network traffic detection. China Education and Research Network (CERNET), Tsinghua University, Main Building, 310.

Hu W, Hu W. (2005).Network-based intrusion detection using Adaboost algorithmWeb Intelligence, 2005. Proceedings. The 2005 IEEE/WIC/ACM International Conference on. IEEE, 2005: 712-717.

Zhou Q, Gu L, Wang C, et al. (2006).Using an improved C4. 5 for imbalanced dataset of intrusion. Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services. ACM, 67.

Zhang J, Zulkernine M, Haque A. (2008).Random-forests-based network intrusion detection systems. Systems, Man, and Cybernetics, Part C: Applications and Reviews,IEEE Transactions on, 38(5): 649-659.

Tong X, Wang Z, Yu H. (2009).A research using hybrid RBF/Elman neural networks for intrusion detection system secure model. Computer physics communications, 180(10): 1795-1801.

Hand D J, Mannila H, Smyth P. (2001).Principles of data mining. MIT press.

Camacho J, Macia-Fernandez G, Diaz-Verdejo J, et al.(2014). Tackling the Big Data 4 vs for anomaly detection. Computer Communications Workshops (INFOCOMWKSHPS), 2014 IEEE Conference on. IEEE, 500-505.

Lippmann R, Haines J W, Fried D J, et al.(2000).The 1999 DARPA off-line intrusion detection evaluation. Computer networks. 34(4): 579-595.

Tavallaee M, Bagheri E, Lu W, et al. (2009).A detailed analysis of the KDD CUP 99 data set. Proceedings of the Second IEEE Symposium on Computational Intelligence for Security and Defence Applications 2009.

Lee W, Stolfo S J. (1009).Data mining approaches for intrusion detection. Usenix security.

Jianliang M, Haikun S, Ling B. (2009).The application on intrusion detection based on k-means cluster algorithm. Information Technology and Applications, 2009. IFITA'09. International Forum on. IEEE, 1: 150-152.

Jiang W, Yao M, Yan J. (2008).Intrusion detection based on improved fuzzy c-means algorithm. Information Science and Engineering, 2008. ISISE'08. International Symposium on. IEEE, 2: 326-329.

Oh S H, Lee W S. (2003).An anomaly intrusion detection method by clustering normal user behavior. Computers & Security, 22(7): 596-612.

Egilmez H E, Ortega A. (2014).Spectral anomaly detection using graph-based filtering for wireless sensor networks. Acoustics, Speech and Signal Processing (ICASSP), 2014 IEEE International Conference on. IEEE, 1085-1089.

Leung K, Leckie C. (2005).Unsupervised anomaly detection in network intrusion detection using clusters. Proceedings of the Twenty-eighth Australasian conference on Computer Science-Volume 38. Australian Computer Society, Inc. 333-342.

Ramaswamy S, Rastogi R, Shim K. (2000).Efficient algorithms for mining outliers from large data sets. ACM SIGMOD Record. ACM, 29(2): 427-438.

Breunig M M, Kriegel H P, Ng R T, et al. (2000).LOF: identifying density-based local outliers. ACM sigmod record. ACM, 29(2): 93-104.

Knox E M, Ng R T. (1998).Algorithms for mining distancebased outliers in large datasets. Proceedings of the International Conference on Very Large Data Bases. 392-403.

W. Lee, S.J. Stolfo, K.W. (1999). Mok, A data mining framework for building intrusion detection models, in: Proceedings of the IEEE Symposium on Security and Privacy, Oakland,CA, pp. 120–132.

D. Barbara, J. Couto, S. Jajodia, N. Wu. (2001). ADAM: a testbed for exploring the use of data mining in intrusion detection,ACM SIGMOD Record: SPECIAL ISSUE: Special section on data mining for intrusion detection and threat analysis 30:15–24.

Peng H, Long F, Ding C. (2005).Feature selection based on mutual information criteria of max-dependency, max-relevance, and min-redundancy. Pattern Analysis and Machine Intelligence, IEEE Transactions on, 27(8): 1226-1238.




DOI: http://dx.doi.org/10.21015/vtse.v9i2.403

Refbacks

  • There are currently no refbacks.