Title :
A new method of data preprocessing and anomaly detection
Author :
Zheng, Jun ; Hu, Ming-Zeng ; Zhang, Hong-Li
Author_Institution :
Comput. Network & Inf. Security Tech. Res. Center, Harbin Inst. of Technol., China
Abstract :
Data preprocessing, including feature extraction, is the first significant step in anomaly detection, where normal profiles need to be constructed. This paper defines a type of traffic flow as the anomaly event unit of preprocessing, making the data preprocessing module more efficient and robust. Based on TCP flows, the paper introduces a novel methodology to analyze the feature attributes of network traffic flows with some new techniques, including a novel quantization model of TCP states. Integrating with data preprocessing, we construct an anomaly detection algorithm with SOFM and apply the detection framework to DARPA intrusion detection evaluation data. We train the SOFM to exploit the normal profile distributions of network traffic, and then test data with embedded attack instances is used. It is shown that network attacks are detected with more efficiency and relatively low false alarms.
Keywords :
computer networks; feature extraction; security of data; self-organising feature maps; telecommunication traffic; transport protocols; DARPA intrusion detection; TCP states; anomaly detection algorithm; data preprocessing method; feature extraction; network traffic flow; quantization model; self organising feature maps; Computer networks; Data preprocessing; Detection algorithms; Feature extraction; Information security; Intrusion detection; Protocols; Quantization; Telecommunication traffic; Traffic control;
Conference_Title :
Machine Learning and Cybernetics, 2004. Proceedings of 2004 International Conference on
Print_ISBN :
0-7803-8403-2
DOI :
10.1109/ICMLC.2004.1378297