Analysis of network traffic features for anomaly detection

Iglesias, Félix; Zseby, Tanja

doi:10.1007/s10994-014-5473-9

Cited by 166 publications

(72 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to increase the accuracy of the method considered and reduce the number of false positives, we propose to consider indirect supporting signs of attack, namely network characteristics. [42][43][44][45][46][47] describe the metrics by which cyber-attacks are indirectly detected. As an example, there is a model of a telecommunications network operating in an attack mode consisting of two steps, each of which violates the operation of the system with the probability p i .…”

Section: Resultsmentioning

confidence: 99%

Method of Early Detection of Cyber-Attacks on Telecommunication Networks Based on Traffic Analysis by Extreme Filtering

et al. 2019

View full text Add to dashboard Cite

The paper suggests a method of early detection of cyber-attacks by using DDoS attacks as an example) using the method of extreme filtering in a mode close real time. The process of decomposition of the total signal (additive superposition of attacking and legitimate effects) and its decomposition using the method of extreme filtering is simulated. A profile model of a stochastic network is proposed. This allows to specify the influence of the intruder on the network using probabilistic-time characteristics. Experimental evaluation of metrics characterizing the cyber-attack is given. It is demonstrated how obtained values of metrics confirm the process of attack preparation, for instance the large-scaled telecommunication network, which includes the proposed method for early detection of attacks, has a recovery time of no more than 9 s, and the parameters of quality of service remain in an acceptable range.Keywords: DDoS; detection of cyber-attacks; extreme filtering; signal decomposition; stochastic network conversion method IntroductionFor the period from 2019 to 2024, one of the national projects in Russia was the "Digital Economy" project, the main tasks of which were to ensure information security in the transmission, processing, and storage of data [1]. This task was fully valid for modern power supply systems and grids, especially in modern conditions, where smart electronic devices and software-defined networks are embedded in energy power infrastructures [2,3].This fact confirms the relevance of information security and the need for diverse solutions in this area. References [4][5][6][7][8][9][10][11][12][13][14][15] describe the most common types of attacks, especially DDOS attacks. According to the Kaspersky Lab, in 2019 the total number of attacks and the number of smart attacks (i.e., attacks which require more thorough preparation and are directed on the most vulnerable network element) were increased. Moreover, despite a decrease in the average duration of DDOS attacks, the duration of smart attacks increased. The longest attacks that were employed lasted 509 h. The dynamics of the distribution of the total duration of attacks during the year had not changed much: those attacks that lasted no more than 4 hours dominate. At the same time, the cost of DDOS attacks was reduced due to their simple implementation [16]. However, if we take into account the fact that each year the implementation time of the longest attacks significantly increases (329 h in 2018 and 509 in 2019), the ever-increasing influence of these attacks on various organizations becomes obvious. Thus, the negative effect of attacks increases. Therefore, the issue of timely detection of such actions

show abstract

Section: Resultsmentioning

confidence: 99%

Method of Early Detection of Cyber-Attacks on Telecommunication Networks Based on Traffic Analysis by Extreme Filtering

et al. 2019

View full text Add to dashboard Cite

show abstract

“…(DoS) attack, probe attack, user to root (U2R) attack, and remote to local (R2L) attack. The detail description about the NSL-KDD dataset can be found in [35][36][37]. Table 2 lists the number of instances in the training and testing sets.…”

Section: The Proposed Methodsmentioning

confidence: 99%

Towards Effective Network Intrusion Detection: A Hybrid Model Integrating Gini Index and GBDT with PSO

Bai

et al. 2018

Journal of Sensors

View full text Add to dashboard Cite

In order to protect computing systems from malicious attacks, network intrusion detection systems have become an important part in the security infrastructure. Recently, hybrid models that integrating several machine learning techniques have captured more attention of researchers. In this paper, a novel hybrid model was proposed with the purpose of detecting network intrusion effectively. In the proposed model, Gini index is used to select the optimal subset of features, the gradient boosted decision tree (GBDT) algorithm is adopted to detect network attacks, and the particle swarm optimization (PSO) algorithm is utilized to optimize the parameters of GBDT. The performance of the proposed model is experimentally evaluated in terms of accuracy, detection rate, precision, F1-score, and false alarm rate using the NSL-KDD dataset. Experimental results show that the proposed model is superior to the compared methods.

show abstract

“…Eight numbers of hidden units are considered to collect the average of accuracy, the average of loss, the training time and the testing time of the ADDM. The numbers of hidden units used are 3,4,5,6,7,8,9, and 10. Table 3 summarizes the obtained results for each number of hidden units.…”

Section: B Optimum Pcc Threshold Selectionmentioning

confidence: 99%

“…Kim K. J. et al [8] have presented many optimization techniques that can improve the performance of a neural network for classification tasks. To improve the processing time and detection performance of the proposed method relevant features are selected using a Correlation-based Feature Selection method [9], [10]. The proposed method was evaluated on two datasets namely NSL-KDD [11] and UNSW-NB15 [12], [13].…”

Section: Introductionmentioning

confidence: 99%

DoS Detection Method based on Artificial Neural Networks

Idhammad¹,

Afdel²,

Belouch³

2017

ijacsa

View full text Add to dashboard Cite

Abstract-DoS attack tools have become increasingly sophisticated challenging the existing detection systems to continually improve their performances. In this paper we present a victimend DoS detection method based on Artificial Neural Networks (ANN). In the proposed method a Feed-forward Neural Network (FNN) is optimized to accurately detect DoS attack with minimum resources usage. The proposed method consists of the following three major steps: (1) Collection of the incoming network traffic, (2) selection of relevant features for DoS detection using an unsupervised Correlation-based Feature Selection (CFS) method, (3) classification of the incoming network traffic into DoS traffic or normal traffic. Various experiments were conducted to evaluate the performance of the proposed method using two public datasets namely UNSW-NB15 and NSL-KDD. The obtained results are satisfactory when compared to the state-of-the-art DoS detection methods.

show abstract

Analysis of network traffic features for anomaly detection

Cited by 166 publications

References 33 publications

Method of Early Detection of Cyber-Attacks on Telecommunication Networks Based on Traffic Analysis by Extreme Filtering

Method of Early Detection of Cyber-Attacks on Telecommunication Networks Based on Traffic Analysis by Extreme Filtering

Towards Effective Network Intrusion Detection: A Hybrid Model Integrating Gini Index and GBDT with PSO

DoS Detection Method based on Artificial Neural Networks

Contact Info

Product

Resources

About