A distributed approach to network anomaly detection based on independent component analysis. (20th June 2013)
- Record Type:
- Journal Article
- Title:
- A distributed approach to network anomaly detection based on independent component analysis. (20th June 2013)
- Main Title:
- A distributed approach to network anomaly detection based on independent component analysis
- Authors:
- Palmieri, Francesco
Fiore, Ugo
Castiglione, Aniello
Xhafa, Fatos
Chen, Xiaofeng
Huang, Xinyi
Kolici, Vladi
- Abstract:
- SUMMARY. Network anomalies, circumstances in which the network behavior deviates from its normal operational baseline, can be due to various factors such as network overload conditions, malicious/hostile activities, denial of service attacks, and network intrusions. New detection schemes based on machine learning principles are therefore desirable as they can learn the nature of normal traffic behavior and autonomously adapt to variations in the structure of 'normality' as well as recognize the significant deviations as suspicious or anomalous events. The main advantages of these techniques are that, in principle, they are not restricted to any specific environment and that they can provide a way of detecting unknown attacks. Detection performance is directly correlated with the traffic model quality, in terms of ability of representing the traffic behavior from its most characterizing internal dynamics. Starting from these ideas, we developed a two-stage anomaly detection strategy based on multiple distributed sensors located throughout the network. By using Independent Component Analysis, the first step, modeled as a Blind Source Separation problem, extracts the fundamental traffic components (the 'source' signals), corresponding to the independent traffic dynamics, from the multidimensional time series incoming from the sensors, corresponding to the perceived 'mixed/aggregate' effect of traffic on their interfaces. These components will be used to build the baseline traffic profiles needed in the second supervised phase, based on a binary classification scheme (detection is cast into an anomalous/normal classification problem) driven by machine learning-inferred decision trees. Copyright © 2013 John Wiley & Sons, Ltd.
- Is Part Of:
- Concurrency and computation. Volume 26:Number 5(2014:Apr.)
- Journal:
- Concurrency and computation
- Issue:
- Volume 26:Number 5(2014:Apr.)
- Issue Display:
- Volume 26, Issue 5 (2014)
- Year:
- 2014
- Volume:
- 26
- Issue:
- 5
- Issue Sort Value:
- 2014-0026-0005-0000
- Page Start:
- 1113
- Page End:
- 1129
- Publication Date:
- 2013-06-20
- Subjects:
- Parallel processing (Electronic computers) -- Periodicals
Parallel computers -- Periodicals
004.35
- Journal URLs:
- http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/cpe.3061
- Languages:
- English
- ISSNs:
- 1532-0626
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3405.622000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 4063.xml