Machine Learning in Network Anomaly Detection: A Survey

Wang, Song; Balarezo, Juan Fernando; Kandeepan, Sithamparanathan; Al‐Hourani, Akram; Chavez, Karina Gomez; Rubinstein, Benjamin I. P.

doi:10.1109/access.2021.3126834

Cited by 58 publications

(40 citation statements)

References 98 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The focus here is on novel ML-based IDS. The ML-based anomaly detection methods in IDS [19] can be classified into supervised learning, semi-supervised learning, unsupervised learning, reinforcement learning, and graph neural networks [20]. The limitations of traditional (shallow) ML-based IDS, such as the reliance on manual feature engineering to extract useful information from network traffic and dealing with unlabeled, high-dimensional data, have paved the way for Deep Learning (DL)-based IDS [21] that do not require manual feature engineering and can automatically learn complex features from raw data due to their deeper structure [22].…”

Section: A Anomaly Detectionmentioning

confidence: 99%

Open or not open: Are conventional radio access networks more secure and trustworthy than Open-RAN?

Klement¹,

Katzenbeisser²,

Ulitzsch³

et al. 2022

Preprint

View full text Add to dashboard Cite

The Open RAN architecture is a promising and future-oriented architecture. It is intended to open up the radio access network (RAN) and enable more innovation and competition in the market. This will lead to RANs for current 5G networks, but especially for future 6G networks, evolving from the current highly integrated, vendor-specific RAN architecture towards disaggregated architectures with open interfaces that will enable to better tailor RAN solutions to the requirements of 5G and 6G applications. However, the introduction of such an open architecture substantially broadens the attack possibilities when compared to conventional RANs. In the past, this has often led to negative headlines that in summary have associated Open RAN with faulty or inadequate security. In this paper, we analyze what components are involved in an Open RAN deployment, how to assess the current state of security, and what measures need to be taken to ensure secure operation.

show abstract

Section: A Anomaly Detectionmentioning

confidence: 99%

Open or not open: Are conventional radio access networks more secure and trustworthy than Open-RAN?

Klement¹,

Katzenbeisser²,

Ulitzsch³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Аналіз роботи цих засобів показує, що більшість із них виконують лише одну або кілька специфічних функцій, які не можуть забезпечити тією чи іншою мірою складності захисту інформації, необхідної для майбутніх інфокомунікаційних мереж. Також, згідно із [4][5][6][7], встановлено, що наявні DPI системи потрубують нових інтелектуальних алгоритмів виявлення аномалій та атак для забезпечення необхідного рівня якості обслуговування та безпеки в перспективних програмно-конфігурованих мережах. Для ефективнішого виявлення нових атак у роботі [8] запропоновано модель виявлення аномалії із використанням вектора показника Херста та мультифрактального спектра.…”

Section: вступunclassified

Інтелектуальна Система Моніторингу Та Аналізу Трафіку Для Виявлення Атак В Програмно-Конфігурованих Мережах

Бешлей¹,

Прислупський²,

Медвецький³

et al. 2022

ICTEE

View full text Add to dashboard Cite

Today, the task of monitoring, security, management, traffic prioritization and optimization of the overall load on the network infrastructure is becoming extremely important not only for the corporate sector, but also for mobile and fixed-line operators. Current trends in Internet content services indicate that the requirements for traffic management are unpredictable. Therefore, service providers must implement new algorithms to monitor and analyze network traffic to detect attacks in today's networks, where software can be updated to support changing traffic management and control requirements as needed. That is why this paper developed a unique algorithm for monitoring and analyzing network traffic, which improved the efficiency of standard intrusion detection and prevention systems by using intelligent multifractal processes for analyzing incoming traffic. It has been experimentally proved that the use of the developed algorithms in the communication infrastructure allowed to reduce data losses up to 5 % if malicious traffic was present in the communication channels.

show abstract

“…Different from conventional methods, the application of machine learning in network traffic forwarding policy making can reduce the technical risk caused by manual maintenance of the rule base, increase the hit rate of judging abnormal traffic, and reduce the investment cost of hardware equipment [20,21]. The existing machine learning methods for traffic forwarding policy making are mainly divided into unsupervised learning methods and supervised learning methods [21,22]. Although unsupervised learning does not need to label abnormal sample data, it requires a large number of samples for training, and the model effect is not as good as supervised learning methods [21,23].…”

Section: Introductionmentioning

confidence: 99%

“…The existing machine learning methods for traffic forwarding policy making are mainly divided into unsupervised learning methods and supervised learning methods [21,22]. Although unsupervised learning does not need to label abnormal sample data, it requires a large number of samples for training, and the model effect is not as good as supervised learning methods [21,23]. The supervised learning methods produce models with good adaptability by clustering abnormal sample data, but the common supervised learning methods also have the disadvantage of insufficient interpretability [21].…”

Section: Introductionmentioning

confidence: 99%

“…Although unsupervised learning does not need to label abnormal sample data, it requires a large number of samples for training, and the model effect is not as good as supervised learning methods [21,23]. The supervised learning methods produce models with good adaptability by clustering abnormal sample data, but the common supervised learning methods also have the disadvantage of insufficient interpretability [21]. Therefore, how to overcome the shortcomings of the existing technology is an urgent problem to be solved in the network security technology field.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Random Fourier Approximation of the Kernel Function in Programmable Networks

Guo

Chen

et al. 2022

Applied Mathematics and Nonlinear Sciences

View full text Add to dashboard Cite

Random Fourier features represent one of the most influential and wide-spread techniques in machine learning to scale up kernel algorithms. As the methods based on random Fourier approximation of the kernel function can overcome the shortcomings of machine learning methods that require a large number of labeled sample, it is effective to be applied to the practical areas where samples are difficult to obtain. Network traffic forwarding policy making is one such practical application, and it is widely concerned in the programmable networks. With the advantages of kernel techniques and random Fourier features, this paper proposes an application of network traffic forwarding policy making method based on random Fourier approximation of kernel function in programmable networks to realize traffic forwarding policy making to improve the security of networks. The core of the method is to map traffic forwarding features to Hilbert high-dimensional space through random Fourier transform, and then uses the principle of maximum interval to detect adversarial samples. Compared with the traditional kernel function method, it improves the algorithm efficiency from square efficiency to linear efficiency. The AUC on the data set from real-world network reached 0.9984, showing that the method proposed can realize traffic forwarding policy making effectively to improve the security of programmable networks.

show abstract

Machine Learning in Network Anomaly Detection: A Survey

Cited by 58 publications

References 98 publications

Open or not open: Are conventional radio access networks more secure and trustworthy than Open-RAN?

Open or not open: Are conventional radio access networks more secure and trustworthy than Open-RAN?

Інтелектуальна Система Моніторингу Та Аналізу Трафіку Для Виявлення Атак В Програмно-Конфігурованих Мережах

Random Fourier Approximation of the Kernel Function in Programmable Networks

Contact Info

Product

Resources

About