Anomaly Detection Using Multi-Level and Multi-Dimensional Analyzing of Network Traffic

Zheng Liming; Zou Peng; Jia Yan

Journal of Computer Research and Development > 2011 > 48(8): 1506-1516.

Zheng Liming, Zou Peng, Jia Yan. Anomaly Detection Using Multi-Level and Multi-Dimensional Analyzing of Network Traffic[J]. Journal of Computer Research and Development, 2011, 48(8): 1506-1516.

Citation:

Zheng Liming, Zou Peng, Jia Yan. Anomaly Detection Using Multi-Level and Multi-Dimensional Analyzing of Network Traffic[J]. Journal of Computer Research and Development, 2011, 48(8): 1506-1516.

Citation:

Zheng Liming, Zou Peng, Jia Yan. Anomaly Detection Using Multi-Level and Multi-Dimensional Analyzing of Network Traffic[J]. Journal of Computer Research and Development, 2011, 48(8): 1506-1516.

PDF (1627 KB)

Anomaly Detection Using Multi-Level and Multi-Dimensional Analyzing of Network Traffic

1(College of Computer, National University of Defense Technology, Changsha 410073) 2(Academy of Equipment Command and Technology, Beijing 100029)

More Information

Published Date: August 14, 2011

Graphical Abstract

Abstract

Abstract

With the rapid growth of the categories and numbers of network attacks and the increasing network bandwidth, network traffic anomaly detection systems confront with both higher false positive rate and false negative rate. A traffic anomaly detection system with high precision is presented in this paper. Firstly, we use multi-level and multi-dimensional online OLAP method to analyse traffic data. In order to reduce the computational and space complexity in this analytical process, some optimization strategies are applied in building DetectCube, the minimal directed Steiner tree algorithm is adapted to optimize multiple query on the Cube, and the traffic data is summarized at appropriate level with the help of discovery-driven exploration method. Secondly, a concept of entropy to measure the distribution of traffic on some particular dimensions is given and the values of entropy in every window and every Group-By operation are collected to form multiple time series of entropy. Finally, we employ one-class support vector machine to classify this multi-dimensional time series of entropy to achieve the purpose of anomaly detection. The proposed traffic anomaly detection system is validated and evaluated by comparing it with existed systems derived from a lot of real network traffic data sets. Our system can detect attacks with high accuracy and efficiency.
- traffic anomaly detection,
- entropy,
- DetectCube,
- OLAP,
- one-class support vector machine

FullText(HTML)

References (0)

[1]	Xu He, Wu Di, Lu Jiwu, Li Renfa. An Intrusion Detection Algorithm and Its Hardware Acceleration for CAN in Vehicles[J]. Journal of Computer Research and Development, 2023, 60(12): 2783-2796. DOI: 10.7544/issn1000-1239.202220035
[2]	Yin Shenglin, Zhang Xinglan, Zuo Liyu. Intrusion Detection System for Dual Route Deep Capsule Network[J]. Journal of Computer Research and Development, 2022, 59(2): 418-429. DOI: 10.7544/issn1000-1239.20200825
[3]	Ren Jiadong, Liu Xinqian, Wang Qian, He Haitao, Zhao Xiaolin. An Multi-Level Intrusion Detection Method Based on KNN Outlier Detection and Random Forests[J]. Journal of Computer Research and Development, 2019, 56(3): 566-575. DOI: 10.7544/issn1000-1239.2019.20180063
[4]	Shi Shengfei, Zhang Wei, Li Jianzhong. A Complex Event Detection Algorithm Based on Correlation Analysis[J]. Journal of Computer Research and Development, 2014, 51(8): 1871-1879. DOI: 10.7544/issn1000-1239.2014.20120813
[5]	Wang Qi'an and Chen Bing. Intrusion Detection System Using CVM Algorithm with Extensive Kernel Methods[J]. Journal of Computer Research and Development, 2012, 49(5): 974-982.
[6]	Mao Guojun and Zong Dongjun. An Intrusion Detection Model Based on Mining Multi-Dimension Data Streams[J]. Journal of Computer Research and Development, 2009, 46(4): 602-609.
[7]	Li Qinghua and Zhao Feng. The PBL Method: A Novel Parallel Error Detection Method for Intrusion Tolerance Systems[J]. Journal of Computer Research and Development, 2006, 43(8): 1411-1416.
[8]	Yang Wu, Yun Xiaochun, Li Jianhua. An Efficient Approach to Intrusion Detection Based on Boosting Rule Learning[J]. Journal of Computer Research and Development, 2006, 43(7): 1252-1259.
[9]	Mu Chengpo, Huang Houkuan, and Tian Shengfeng. A Survey of Intrusion-Detection Alert Aggregation and Correlation Techniques[J]. Journal of Computer Research and Development, 2006, 43(1): 1-8.
[10]	Wang Jin, Li Dequan, and Feng Dengguo. An Autonomous Agent-Based Adaptive Distributed Intrusion Detection System[J]. Journal of Computer Research and Development, 2005, 42(11): 1934-1939.