Title :
Designing a two-level monitoring method to detect network abnormal behaviors
Author :
Soo-Yeon Ji ; Seonho Choi ; Dong Hyun Jeong
Author_Institution :
Bowie State Univ., Bowie, MD, USA
Abstract :
Monitoring network traffic behavior is critical for securing computing infrastructures. In this paper, we focus on improving the detection of anomalous network traffic behaviors by proposing a new two-level detection method that consists of abnormality detection followed by identification of the exact attack type. Abnormality detection is performed with rules generated by Classification and Regression Trees (CART). A Support Vector Machine (SVM) is then used to build a predictive model that identifies the exact attack type (among DoS, U2R, R2L, and Probes). Since feature extraction is an important step in designing an efficient predictive model, we use the Higuchi fractal dimension and statistical measures (mean, median, and standard deviation), computed with an overlapping sliding window operation, to extract features. Among the extracted features, only significant features, selected by statistical analysis, are used to build the predictive model. As a result, our approach achieves about 80.03% accuracy in detecting abnormal network behaviors. A comparative study shows that our proposed SVM-based predictive model outperforms a widely used NN-based predictive model in identifying the exact types of attacks.
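The feature-extraction step the abstract describes (Higuchi fractal dimension plus mean, median and standard deviation over overlapping sliding windows), as an added example that is not the paper's own code; the window size, step, kmax and the constructed packets-per-second series are assumptions.

```python
import math
import statistics
from typing import Dict, List

def higuchi_fd(x: List[float], kmax: int = 8) -> float:
    """Higuchi fractal dimension: slope of log L(k) vs log(1/k), where L(k) is the
    mean normalized curve length of the subseries x[m], x[m+k], x[m+2k], ... over
    all offsets m < k. About 1.0 for a smooth ramp, approaching 2.0 for noise."""
    n = len(x)
    kmax = max(1, min(kmax, (n - 1) // 2))  # keep at least two points per subseries
    log_k, log_l = [], []
    for k in range(1, kmax + 1):
        lengths = []
        for m in range(k):
            count = (n - 1 - m) // k  # steps available at this offset
            if count < 1:
                continue
            total = sum(abs(x[m + i * k] - x[m + (i - 1) * k]) for i in range(1, count + 1))
            lengths.append(total * (n - 1) / (count * k) / k)
        l_k = sum(lengths) / len(lengths)
        if l_k <= 0:  # constant window has zero curve length; log undefined
            return 0.0
        log_k.append(math.log(1.0 / k))
        log_l.append(math.log(l_k))
    mk, ml = statistics.fmean(log_k), statistics.fmean(log_l)
    sxx = sum((a - mk) ** 2 for a in log_k)
    return 0.0 if sxx == 0 else sum((a - mk) * (b - ml) for a, b in zip(log_k, log_l)) / sxx

def window_features(series: List[float], win: int = 32, step: int = 16,
                    kmax: int = 8) -> List[Dict[str, float]]:
    """Overlapping sliding windows (win samples, advanced by step) -> feature rows."""
    feats = []
    for start in range(0, len(series) - win + 1, step):
        w = series[start:start + win]
        feats.append({"start": start, "mean": statistics.fmean(w),
                      "median": statistics.median(w), "std": statistics.pstdev(w),
                      "hfd": higuchi_fd(w, kmax)})
    return feats

def sample_traffic() -> List[float]:
    """Constructed packets-per-second series (not real traffic): 48 samples of a
    smooth ramp, then 48 bursty samples from a deterministic LCG."""
    ramp = [100.0 + 2.0 * t for t in range(48)]
    seed, burst = 12345, []
    for _ in range(48):
        seed = (1103515245 * seed + 12345) % 2 ** 31
        burst.append(100.0 + 400.0 * seed / 2 ** 31)
    return ramp + burst
```

The fractal-dimension column separates the smooth ramp windows (about 1.0) from the bursty windows (well above 1.0) even where the mean alone would not.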
Keywords :
computer network security; feature selection; regression analysis; support vector machines; telecommunication traffic; trees (mathematics); CART; DoS attack; Higuchi fractal dimension; Probes attack; R2L attack; SVM-based predictive model; U2R attack; abnormality detection; anomalous network traffic behavior detection; attack type identification; classification-and-regression trees; computing infrastructure security; feature extraction; feature selection; mean measure; median measure; network abnormal behavior detection; network traffic behavior monitoring; overlapping sliding window operation; standard deviation; statistical analysis; statistical measures; support vector machine; two-level detection method; two-level monitoring method; Accuracy; Feature extraction; Fractals; Predictive models; Support vector machines; Testing; Training;
Conference_Titel :
Information Reuse and Integration (IRI), 2014 IEEE 15th International Conference on
Conference_Location :
Redwood City, CA
DOI :
10.1109/IRI.2014.7051958