Automatic detection of computer network traffic anomalies based on eccentricity analysis

Martins, Rodrigo Siqueira and Angelov, Plamen and Costa, Bruno Sielly Jales (2018) Automatic detection of computer network traffic anomalies based on eccentricity analysis. In: 2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc., BRA. ISBN 9781509060207

[img]
Text (WCCI_verReview1)
WCCI_verReview1.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.

Download (694kB)

Abstract

In this paper, we propose an approach to automatic detection of attacks on computer networks using data that combine the traffic generated with'live' intra-cloud virtual-machine (VM) migration. The method used in this work is the recently introduced typicality and eccentricity data analytics (TEDA) framework. We compare the results of applying TEDA with the traditionally used methods such as statistical analysis, such as k-means clustering. One of the biggest challenges in computer network analysis using statistical or numerical methods is the fact that the protocols information is composed of integer/string values and, thus, not easy to handle by traditional pattern recognition methods that deal with real values. In this study we consider as features the tuple {IP source, IP destination, Port source and Port destination} extracted from the network flow data in addition to the traditionally used real values that represent the number of packets per time or quantity of bytes per time. Using entropy of the IP data helps to convert the integer raw data into real valued signatures. The proposed solution permit to build a real-time anomaly detection system and reduce the number of information that is necessary for evaluation. In general, the systems based on traffic are fast and are used in real time but they do not produce good results in attacks that produce a flow hidden within the background traffic or within a high traffic that is produced by other application. We validate our approach an a dataset which includes attacks on the network port scan (NPS) and network scan (NS) that permit hidden flow within the normal traffic and see this attacks together with live migration which produces a higher traffic flow.

Item Type:
Contribution in Book/Report/Proceedings
Additional Information:
©2018 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Uncontrolled Keywords:
/dk/atira/pure/subjectarea/asjc/2600/2604
Subjects:
ID Code:
134207
Deposited By:
Deposited On:
22 Jun 2019 00:56
Refereed?:
Yes
Published?:
Published
Last Modified:
30 Sep 2020 04:19