Unsupervised Labeling for Supervised Anomaly Detection in Enterprise and Cloud Networks

Baek, Sunhee; Kwon, Donghwoon; Kim, Jin Oh; Suh, Sang C.; Kim, Hyun‐Joo; Kim, Ikkyun

doi:10.1109/cscloud.2017.26

Cited by 26 publications

(19 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This technique assumes that there are two classes of entities for normal and abnormal behavior. Normally, a model is constructed for the normal and anomaly classes, after which the data not previously studied are compared to both classes to find out the one to which one it belongs [22].…”

Section: Background On Network Anomaly Detection Methodsmentioning

confidence: 99%

A Software Deep Packet Inspection System for Network Traffic Analysis and Anomaly Detection

Song

Beshley

Przystupa

et al. 2020

Sensors

View full text Add to dashboard Cite

In this paper, to solve the problem of detecting network anomalies, a method of forming a set of informative features formalizing the normal and anomalous behavior of the system on the basis of evaluating the Hurst (H) parameter of the network traffic has been proposed. Criteria to detect and prevent various types of network anomalies using the Three Sigma Rule and Hurst parameter have been defined. A rescaled range (RS) method to evaluate the Hurst parameter has been chosen. The practical value of the proposed method is conditioned by a set of the following factors: low time spent on calculations, short time required for monitoring, the possibility of self-training, as well as the possibility of observing a wide range of traffic types. For new DPI (Deep Packet Inspection) system implementation, algorithms for analyzing and captured traffic with protocol detection and determining statistical load parameters have been developed. In addition, algorithms that are responsible for flow regulation to ensure the QoS (Quality of Services) based on the conducted static analysis of flows and the proposed method of detection of anomalies using the parameter Hurst have been developed. We compared the proposed software DPI system with the existing SolarWinds Deep Packet Inspection for the possibility of network traffic anomaly detection and prevention. The created software components of the proposed DPI system increase the efficiency of using standard intrusion detection and prevention systems by identifying and taking into account new non-standard factors and dependencies. The use of the developed system in the IoT communication infrastructure will increase the level of information security and significantly reduce the risks of its loss.

show abstract

Section: Background On Network Anomaly Detection Methodsmentioning

confidence: 99%

A Software Deep Packet Inspection System for Network Traffic Analysis and Anomaly Detection

Song

Beshley

Przystupa

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…[1] The authors used Python written Theano as a deep learning framework and selected RNN to be used because of high amount of dimensions in the data. They selected NSL-KDD dataset to be used during tests, as it resolves KDDCup99 dataset known problems, such as inherent redundant records [1,[5][6][7]. NSL-KDD dataset includes 41 variables, of which 38 are numeric and 3 non-numeric.…”

Section: Network Anomaly Detection With Deep Learningmentioning

confidence: 99%

“…They stated that, because of IDSs lack of ability to detect earlier unknown attacks, the research community is moving towards the machine learning based smart IDS, which can adopt new and constantly changing network attacks and reduces the existing problem from occurring. [4][5][6][7] The authors proposed AE with stochastic anomaly threshold determination algorithm. They tested and compared performance of stochastic and deterministic AE's with the proposed algorithm.…”

Section: Xiaoyong Yuan Et Al Proposed Bidirectional Recurrent Neuralmentioning

confidence: 99%

State of the Art Literature Review on Network Anomaly Detection with Deep Learning

Bodström

Hämäläinen

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

As network attacks are evolving along with extreme growth in the amount of data that is present in networks, there is a significant need for faster and more effective anomaly detection methods. Even though current systems perform well when identifying known attacks, previously unknown attacks are still difficult to identify under occurrence. To emphasize, attacks that might have more than one ongoing attack vectors in one network at the same time, or also known as APT (Advanced Persistent Threat) attack, may be hardly notable since it masquerades itself as legitimate traffic. Furthermore, with the help of hiding functionality, this type of attack can even hide in a network for years. Additionally, the expected number of connected devices as well as the fast-paced development caused by the Internet of Things, raises huge risks in cyber security that must be dealt with accordingly. When considering all above-mentioned reasons, there is no doubt that there is plenty of room for more advanced methods in network anomaly detection hence Deep Learning based techniques have been proposed recently in detecting anomalies.

show abstract

“…A large body of studies employed clustering for intrusion/anomaly detection [27,28,29,30,31]. The main focus of many of the past studies was on identifying intrusive events individually with a trained model consisting of normal or anomalous behaviors.…”

Section: Related Workmentioning

confidence: 99%

“…Clustering has been employed for network anomaly detection in previous studies [32,27,29,31]. The main focus of the past studies is on determining whether individual connections are anomalous or not.…”

Section: Anomalous State Detection Using Clustered Patternsmentioning

confidence: 99%

Multivariate network traffic analysis using clustered patterns

et al. 2018

Self Cite

View full text Add to dashboard Cite

Tra c analysis is a core element in network operations and management for various purposes including change detection, tra c prediction, and anomaly detection. In this paper, we introduce a new approach to online tra c analysis based on a pattern-based representation for high-level summarization of the tra c measurement data. Unlike the past online analysis techniques limited to a single variable to summarize (e.g., sketch), the focus of this study is on capturing the network state from the multivariate attributes under consideration. To this end, we employ clustering with its benefit of the aggregation of multidimensional variables. The clustered result represents the state of the network with regard to the monitored variables, which can also be compared with the observed patterns from previous time windows enabling intuitive analysis. We demonstrate the proposed method with two popular use cases, one for estimating state changes and the other for identifying anomalous states, to confirm its feasibility. Our extensive experimental results with public traces and collected monitoring measurements from ESnet tra c traces show that our pattern-based approach is e↵ective for multivariate analysis of online network tra c with visual and quantitative tools. 1 Introduction Monitoring network tra c is an integral part of network operations and management. The basic requirement for network monitoring is to e↵ectively capture the tra c dynamics in a timely manner. For exam

show abstract

Unsupervised Labeling for Supervised Anomaly Detection in Enterprise and Cloud Networks

Cited by 26 publications

References 7 publications

A Software Deep Packet Inspection System for Network Traffic Analysis and Anomaly Detection

A Software Deep Packet Inspection System for Network Traffic Analysis and Anomaly Detection

State of the Art Literature Review on Network Anomaly Detection with Deep Learning

Multivariate network traffic analysis using clustered patterns

Contact Info

Product

Resources

About