DocumentCode :
3178581
Title :
Time series analysis based models for network abnormal traffic detection
Author :
Bahaa-Eldin, Ayman Mohammad
Author_Institution :
Comput. & Syst. Eng. Dept., Ain Shams Univ., Cairo, Egypt
fYear :
2011
fDate :
Nov. 29 2011-Dec. 1 2011
Firstpage :
64
Lastpage :
70
Abstract :
Intrusion detection and monitoring systems produce hundreds or even thousands of events every day. Unfortunately, most of these events are false positives or irrelevant and can be considered background noise, which makes their correlation, analysis and investigation very complicated and resource-consuming. This paper presents modeling of background noise using non-stationary time series analysis with a lag-smoothing Kalman filter, then introduces a second technique applying a multi-layered perceptron neural network with back-propagation learning to model and correlate the background noise. The DARPA dataset is used to analyze and compare both techniques, and finally a verification experiment is conducted using a dataset gathered from a real network environment. Comparisons show that the proposed neural model outperforms the non-stationary time series model.
Keywords :
Kalman filters; backpropagation; multilayer perceptrons; security of data; time series; DARPA dataset; background noise; backpropagation learning; intrusion detection; intrusion monitoring; lag smoothing Kalman filter; multilayered perceptron neural network; network abnormal traffic detection model; time series analysis; Analytical models; Artificial neural networks; Computational modeling; Kalman filters; Monitoring; Time series analysis; Training; Alert Correlation; Intrusion Detection; Neural Networks; Time Series Analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Engineering & Systems (ICCES), 2011 International Conference on
Conference_Location :
Cairo
Print_ISBN :
978-1-4577-0127-6
Type :
conf
DOI :
10.1109/ICCES.2011.6141013
Filename :
6141013
Link To Document :