Title :
Anomaly detection in IP networks with principal component analysis
Author :
Issariyapat, Chavee ; Fukuda, Kensuke
Author_Institution :
Nat. Electron. & Comput. Technol. Center, Pathumthani, Thailand
Abstract :
In this paper, we study the application of PCA to the IP network anomaly detection. The algorithm is based on detecting changes in traffic feature distribution aggregated by sample entropy. This method of detection has originally been proposed to detect anomalous traffic on origin-destination flows in backbone networks. We have adjusted the algorithm so that it works with network traffic captured from a single network interface. This makes the algorithm possible to be implemented in any IP networks. The experimental result shows that our implementation can detect some types of known anomaly. As the algorithm is also able to detect unknown types of anomaly, it is also possible to be implemented as preliminary detection system.
Keywords :
IP networks; entropy; principal component analysis; telecommunication security; telecommunication traffic; IP network anomaly detection; PCA technique; anomalous traffic feature distribution aggregation; experimental result; origin-destination flow; preliminary detection system; principal component analysis; sample entropy; single network interface; Computer networks; Electronic mail; IP networks; Informatics; Network interfaces; Predictive models; Principal component analysis; Signal processing algorithms; Telecommunication traffic; Traffic control;
Conference_Titel :
Communications and Information Technology, 2009. ISCIT 2009. 9th International Symposium on
Conference_Location :
Icheon
Print_ISBN :
978-1-4244-4521-9
Electronic_ISBN :
978-1-4244-4522-6
DOI :
10.1109/ISCIT.2009.5341079
