A semi-supervised model for network traffic anomaly detection

Author

Nguyen Ha Duong ; Hoang Dang Hai

Author_Institution

Fac. of Inf. & Technol., Nat. Univ. of Civil Eng., Vietnam

fYear

2015

fDate

1-3 July 2015

Firstpage

70

Lastpage

75

Abstract

Network traffic anomaly detection can help to early detect network attacks because hacker´s activities may result in unusual changes of network traffic, that are significant fluctuations compared to normal traffic of the network Among various anomaly detection approaches, principal component analysis (PCA) has been seen as an effective solution. Until now, PCA is basically applied to dimension reduction method. Several issues remain including: how effective can PCA be applied to semi-supervised models with a small training dataset, which components are significant for anomaly detection. This paper proposes a semi-supervised model using a modified Mahanalobis distance based on PCA for network traffic anomaly detection. We propose a K-means clustering method to build normal profile of traffic to improve the training dataset and propose to give weights to choose principal components of PCA.

Keywords

principal component analysis; telecommunication security; telecommunication traffic; K-means clustering; hacker activities; modified Mahanalobis distance; network attacks; network traffic anomaly detection; principal component analysis; semisupervised model; small training dataset; Clustering algorithms; Correlation; Covariance matrices; Eigenvalues and eigenfunctions; Principal component analysis; Training; Training data; Network traffic anomaly; anomaly detection; intrusion detection; network security; semi-supervised model;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Communication Technology (ICACT), 2015 17th International Conference on

Conference_Location

Seoul

Print_ISBN

978-8-9968-6504-9

Type

conf

DOI

10.1109/ICACT.2015.7224759

Filename

7224759