Network traffic anomaly detection using machine learning approaches

Limthong, Kriangkrai; Tawsook, Thidarat

doi:10.1109/noms.2012.6211951

Cited by 17 publications

(3 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A. Our approach ML-based anomaly detection techniques have shown promising results in the past [15], [16]. Malware detection in network traffic is necessary nonetheless an overhead in customer-facing services like IoT devices.…”

Section: Methodsmentioning

confidence: 99%

Detecting Attacks on IoT Devices using Featureless 1D-CNN

Khan,

Cotton

2021

Preprint

View full text Add to dashboard Cite

The generalization of deep learning has helped us, in the past, address challenges such as malware identification and anomaly detection in the network security domain. However, as effective as it is, scarcity of memory and processing power makes it difficult to perform these tasks in Internet of Things (IoT) devices. This research finds an easy way out of this bottleneck by depreciating the need for feature engineering and subsequent processing in machine learning techniques. In this study, we introduce a Featureless machine learning process to perform anomaly detection. It uses unprocessed byte streams of packets as training data. Featureless machine learning enables a low cost and low memory time-series analysis of network traffic. It benefits from eliminating the significant investment in subject matter experts and the time required for feature engineering.

show abstract

Section: Methodsmentioning

confidence: 99%

Detecting Attacks on IoT Devices using Featureless 1D-CNN

Khan,

Cotton

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…It can be in various forms, like malware recognition, anomaly detection, or behavior classification. Detecting cyber attacks using ML has shown promising results in the past [22,23]. However, their deployment on IoT devices is unrealistic, as they involve computationally extensive feature engineering and require deep classifiers for precision.…”

Section: Feature Engineering-less MLmentioning

confidence: 99%

Efficient Attack Detection in IoT Devices using Feature Engineering-Less Machine Learning

Khan¹,

Cotton²

2022

IJCSIT

View full text Add to dashboard Cite

Through the generalization of deep learning, the research community has addressed critical challenges in the network security domain, like malware identification and anomaly detection. However, they have yet to discuss deploying them on Internet of Things (IoT) devices for day-to-day operations. IoT devices are often limited in memory and processing power, rendering the compute-intensive deep learning environment unusable. This research proposes a way to overcome this barrier by bypassing feature engineering in the deep learning pipeline and using raw packet data as input. We introduce a feature- engineering-less machine learning (ML) process to perform malware detection on IoT devices. Our proposed model,” Feature- engineering-less-ML (FEL-ML),” is a lighter-weight detection algorithm that expends no extra computations on “engineered” features. It effectively accelerates the low-powered IoT edge. It is trained on unprocessed byte-streams of packets. Aside from providing better results, it is quicker than traditional feature-based methods. FEL-ML facilitates resource-sensitive network traffic security with the added benefit of eliminating the significant investment by subject matter experts in feature engineering.

show abstract

“…Signature-based NAD can detect attacks in specific patterns through rule matching [2]. Although it has the advan-tages of high accuracy and rapid speed, the manually set rules cannot adapt to continuously changing network environment and fails on zero-day attacks.…”

Section: Introductionmentioning

confidence: 99%

An Accuracy Network Anomaly Detection Method Based on Ensemble Model

Liu

Xiong

et al. 2021

ICASSP 2021 - 2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)

View full text Add to dashboard Cite

Identifying network anomaly detection is important since they may carry critical information in circumstances such as a burst of intrusions, privacy theft, system damage and fraudulent activities. In recent years, there are many detection methods for network anomalies are proposed, however, a single model always faces the problems of over or under-fitting, high bias and variance. An improved method is to comprehensively use the results of multiple models and then reform the final predictions. This paper introduces an ensemble model, which is a powerful technique to increase accuracy on network anomaly detection. By combining three base models Xgboost, LightGBM and Catboost into one anomaly detector, we successfully detect different DDOS-smurf and Probing activities. This ensemble model is verified on ZYELL-NCTU net traffic, which is a large-scale dataset for read-world network anomaly detection. All code are open source in Github and can be directly run on Colab Jupyter Notebook.

show abstract

Network traffic anomaly detection using machine learning approaches

Cited by 17 publications

References 8 publications

Detecting Attacks on IoT Devices using Featureless 1D-CNN

Detecting Attacks on IoT Devices using Featureless 1D-CNN

Efficient Attack Detection in IoT Devices using Feature Engineering-Less Machine Learning

An Accuracy Network Anomaly Detection Method Based on Ensemble Model

Contact Info

Product

Resources

About