Abstract: In recent years, flow-based anomaly detection has attracted considerable attention from many researchers, and some methods have been proposed to improve its accuracy. However, only a few studies have considered anomaly detection with sampled flow traffic, which is widely used for the management of high-speed networks. This gap is addressed in this study. First, we optimize an artificial neural network (ANN)-based classifier to detect anomalies in flow traffic. The results show that although it has a high degree…
“…Anomaly detection is a broad area of research that has applications in medicine [6], finance [7], computer networks [8,9], and most recently the Internet of things [10][11][12] as well as several other business domains. According to a seminal work by Chandola et al. [13], "anomalies are patterns in data that do not conform to a well-defined notion of normal behavior.…”
Network events such as outages are costly for communication service providers (CSPs), not only because they represent lost revenue but also because of the adverse effects suffered by the CSP's customers. Quantifying the effect of negative events on certain key performance indicators allows the CSP to measure the network resources impacted, to provide data for a more robust revenue assurance process, and to assign an appropriate severity to the events. These additional insights may help optimize resource allocation, ticketing, and troubleshooting response times. This paper presents a novel heuristic algorithm that takes advantage of the daily patterns observed in most key performance indicators of a wireless network and of the stability observed in the differences between the original time series and its lagged version. The proposed algorithm uses those differences and the previous actual values to make accurate predictions of time-series traffic volume data, which represent the estimated effect of a wireless network event. The performance of the algorithm is compared with that of the state-of-the-art autoregressive integrated moving average (ARIMA) model, and the results are reported. The proposed algorithm reduces the standard deviation of the error percentage by 4.8 percentage points, has no negative bias, and executes 97% faster than the ARIMA model. The algorithm provides an accurate methodology for online or batch network event impact estimation that could potentially be implemented in traditional relational database management systems (SQL) or Big Data environments.
“…The adaptive sampling method focuses more on the flows with rare features to improve anomaly detection in sampled traffic. Another two-stage flow sampling technique is proposed in [43] in which a GSA-based classifier is investigated in detecting anomalies in sampled traffic. Then, a flow sampling method is proposed to improve the detection rate.…”
The modern Internet has enabled wider usage, resulting in increased network traffic. Because of the high volume of data packets on networks, sampling techniques are widely used in flow-based network management software to manage traffic load. However, sampling reduces the likelihood of detecting anomalies. Many studies have aimed at improving the accuracy of anomaly detection, but only a few have considered it with sampled flow traffic. In our study, we investigate the use of an artificial neural network (ANN)-based classifier to improve the accuracy of flow-based anomaly detection in sampled traffic. Feedback from the ANN-based anomaly detector determines the type of flow sampling method that should be used. Our proposed technique handles malicious flows and benign flows with different sampling methods. To evaluate the proposed sampling technique, a number of flow-based datasets are generated. Our experiments confirm that the proposed technique improves the percentage of sampled malicious flows by about 7% while preserving the majority of the traffic information.
“…The accuracy of the proposed MABIDS is calculated for both the KDD Cup and CAIDA data sets, and the results are shown in Figure . From this evaluation, it is observed that the results of MABIDS with the CAIDA data set provide higher accuracy when compared with MABIDS with the KDD Cup data set.…”
Ontologies play an essential role in knowledge sharing and exploration, especially in multiagent systems. An intrusion is an unauthorized activity in a network, carried out in either an active manner (information gathering) or a passive manner (harmful packet forwarding). Most existing intrusion detection systems (IDSs) suffer from the following issue: they are usually tuned to detect known service-level network attacks, which leaves them vulnerable to original and novel malicious attacks. Consequently, they provide low accuracy and detection rates, which are the important problems of existing IDSs. To overcome these drawbacks, an ontology-based multiagent IDS framework is developed in this work for intrusion detection. The main intention of this work is to detect network attacks with the help of multiple detection agents. In this analysis, there are three different types of agents, i.e., IDS broker, deputy commander, and response agent, which are used to prevent and detect attacks in a network. The novel concept of this work is based on signature matching; it identifies and detects attackers with the help of multiple agents.