Using Ant Colony Optimization metaheuristic and Dynamic Time Warping for anomaly detection

Author

Carvalho, Luiz F. ; Rodrigues, Joel J. P. C. ; Barbon, Sylvio ; Lemes Proenca, Mario

Author_Institution

Comput. Sci. Dept., State Univ. of Londrina (UEL), Londrina, Brazil

fYear

2013

fDate

18-20 Sept. 2013

Firstpage

1

Lastpage

5

Abstract

Traffic monitoring is an essential tool to ensure network availability and its correct operation. To accomplish this task automatically, we present the DSNSF (Digital Signature of Network Segment using Flow analysis), which characterizes the normal behavior of network traffic. For the DSNSF creation a modification of Ant Colony Optimization metaheuristic is used, which improves the extraction of information, defining a normal profile. Furthermore, we propose a model based on DTW (Dynamic Time Warping) pattern matching technique for anomaly detecting, allowing the recognition of deviant behavior moving in time and those who are punctual. The anomaly notifications are multilevel, in order not to overload the network administrator with false reports. To evaluate the proposed system, IP flows from a real data set were used.

Keywords

IP networks; ant colony optimisation; computer network reliability; computer network security; digital signatures; pattern matching; telecommunication traffic; DSNSF; DTW pattern matching technique; IP flow; anomaly detection; ant colony optimization metaheuristic modification; deviant behavior recognition; digital signature of network segment using flow analysis; dynamic time warping pattern matching technique; information extraction; network availability; network traffic monitoring;

fLanguage

English

Publisher

ieee

Conference_Titel

Software, Telecommunications and Computer Networks (SoftCOM), 2013 21st International Conference on

Conference_Location

Primosten

Type

conf

DOI

10.1109/SoftCOM.2013.6671906

Filename

6671906