Performance of Flow-based Anomaly Detection in Sampled Traffic

Jadidi, Zahra; Muthukkumarasamy, Vallipuram; Sithirasenan, Elankayer; Singh, Kalvinder

doi:10.4304/jnw.10.9.512-520

Cited by 9 publications

(8 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Anomaly detection is a broad area of research that has applications in medicine [6], finance [7], computer networks [8,9], and most recently the Internet of things [10][11][12] as well as several other business domains. According to a seminal work by Chandola et al [13], "anomalies are patterns in data that do not conform to a well-defined notion of normal behavior.…”

Section: Literature Reviewmentioning

confidence: 99%

Estimating the effect of network element events in a wireless network

Vela¹,

Kraus²,

Friedman³

et al. 2018

J Wireless Com Network

View full text Add to dashboard Cite

Network events, like outages, are costly events for communication service providers (CSPs) not only because they represent lost revenue but also because of adverse effects suffered by the CSP's customers. Quantifying the effect of negative events on certain key performance indicators allows the CSP to measure the network resources impacted, to provide data for a more robust revenue assurance process, and to assign appropriate severity to the events. These additional insights may help optimize the resource allocation, ticketing, and troubleshooting response times. This paper presents a novel heuristic algorithm that takes advantage of the daily patterns observed in most key performance indicators of a wireless network and the stability observed in the differences between the original time series and the lagged version. The proposed algorithm uses those differences and the previous actual values to make accurate predictions of time-series traffic volume data that represent the estimated effect of a wireless network event. The performance of the algorithm is compared with that of the state-of-the-art autoregressive, integrated, moving average (ARIMA) model and the results are reported. The proposed algorithm has reduced standard deviation in error percentage by 4.8 percentage points, has no negative bias, and executes 97% faster than the ARIMA model. The algorithm provides an accurate methodology for online or batch network event impact estimation that could potentially be implemented in traditional relational database management systems (SQL) or Big Data environments.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Estimating the effect of network element events in a wireless network

Vela¹,

Kraus²,

Friedman³

et al. 2018

J Wireless Com Network

View full text Add to dashboard Cite

show abstract

“…The adaptive sampling method focuses more on the flows with rare features to improve anomaly detection in sampled traffic. Another two-stage flow sampling technique is proposed in [43] in which a GSA-based classifier is investigated in detecting anomalies in sampled traffic. Then, a flow sampling method is proposed to improve the detection rate.…”

Section: Related Workmentioning

confidence: 99%

Intelligent Sampling Using an Optimized Neural Network

Jadidi¹,

Muthukkumarasamy²,

Sithirasenan³

et al. 2016

JNW

Self Cite

View full text Add to dashboard Cite

Modern Internet has enabled wider usage, resulting in increased network traffic. Due to the high volume of data packets in networking, sampling techniques are widely used in flow-based network management software to manage traffic load. However, sampling processes reduce the likelihood of anomaly detection. Many studies have been carried out at improving the accuracy of anomaly detection. However, only a few studies have considered it with sampled flow traffic. In our study, we investigate the use of an artificial neural network (ANN)based classifier to improve the accuracy of flow-based anomaly detection in sampled traffic. A feedback from the ANN-based anomaly detector determines the type of the flow sampling method that should be used. Our proposed technique handles malicious flows and benign flows with different sampling methods. To evaluate the proposed sampling technique, a number of flow-based datasets are generated. Our experiments confirm that the proposed technique improves the percentage of the sampled malicious flows by about 7% and it can preserve the majority of traffic information.

show abstract

“…The accuracy of the proposed MABIDS is calculated for both KDD Cup and CAIDA data sets, and the results are shown in Figure . From this evaluation, it is observed that the results of MAVIDS with CAIDA data set provides higher accuracy when compared with MABIDS with KDD Cup data set.…”

Section: Performance Analysismentioning

confidence: 99%

A new ontology‐based multi agent framework for intrusion detection

Retnaswamy¹,

Ponniah²

2016

Int J Communication

View full text Add to dashboard Cite

Ontologies play an essential role in knowledge sharing and exploration, especially in multiagent systems. Intrusion is an unauthorized activity in a network, which is achieved by either active manner (information gathering) or passive manner (harmful packet forwarding). Most of the existing intrusion detection system (IDS) suffers from the following issues: it is usually adjusted to detect known service level network attacks and leaves from vulnerable to original and novel malicious attacks. Thus, it provides low accuracy and detection rate, which are the important problems of existing IDS. To overwhelm these drawbacks, an ontology-based multiagent IDS framework is developed in this work for intrusion detection. The main intention of this work is to detect the network attacks with the help of multiple detection agents. In this analysis, there are 3 different types of agents, ie, IDS broker, deputy commander, and response agent, which are used to prevent and detect the attacks in a network. The novel concept of this work is based on the concept of signature matching; it identifies and detects the attackers with the help of multiple agents.

show abstract

Performance of Flow-based Anomaly Detection in Sampled Traffic

Cited by 9 publications

References 38 publications

Estimating the effect of network element events in a wireless network

Estimating the effect of network element events in a wireless network

Intelligent Sampling Using an Optimized Neural Network

A new ontology‐based multi agent framework for intrusion detection

Contact Info

Product

Resources

About