Traffic Anomaly Detection Using Multi-Dimensional Entropy Classification in Backbone Network

Zheng Liming; Zou Peng; Han Weihong; Li Aiping; Jia Yan

Journal of Computer Research and Development > 2012 > 49(9): 1972-1981.

Zheng Liming, Zou Peng, Han Weihong, Li Aiping, Jia Yan. Traffic Anomaly Detection Using Multi-Dimensional Entropy Classification in Backbone Network[J]. Journal of Computer Research and Development, 2012, 49(9): 1972-1981.

Citation:

PDF (2997 KB)

Traffic Anomaly Detection Using Multi-Dimensional Entropy Classification in Backbone Network

1(College of Computer, National University of Defense Technology, Changsha 410073) 2(Academy of Equipment Command and Technology, Beijing 100029)

More Information

Published Date: September 14, 2012

Graphical Abstract

Abstract

Abstract

Traffic anomaly detection require not only high detection rate but also low false alarm rate in high speed backbone networks. A multi-dimensional entropy classification method is proposed to satisfy this demand, which uses entropy to measure the distribution of traffic in some traffic dimensions. An efficient algorithm is introduced to estimate entropy with low computational and space complexity. The values of entropy of all dimensions are collected to form a detection vector in each sliding window, then all detection vectors are classified into two groups: abnormal vectors and normal vectors via one-class support vector machine. In order to achieve the goal of accuracy and reduce false positive rate, we utilize a multi-windows correlation algorithm to calculate a comprehensive anomaly score when observing a sequence of windows. Some real-world traces are used to validate and evaluate the effectiveness and accuracy of this detection system through two experiments. Results of the first experiment demonstrate the effectiveness of the detection system and show that the time and space grow relatively flat as traffic and attack increase. Compared with the exited systems in the second experiment, the accuracy of the system is evaluated and our system is the most accurate method.
- traffic anomaly detection,
- entropy,
- time series,
- one-class support vector machine,
- multi-windows correlation

FullText(HTML)

References (0)

[1]	Wang Fang, Wang Peiqun, Zhu Chunjie. Study and Implementation of Frequent Sequences Mining Based Prefetching Algorithm[J]. Journal of Computer Research and Development, 2016, 53(2): 443-448. DOI: 10.7544/issn1000-1239.2016.20148040
[2]	Ding Zhaoyun, Jia Yan, Zhou Bin. Survey of Data Mining for Microblogs[J]. Journal of Computer Research and Development, 2014, 51(4): 691-706.
[3]	Liao Guoqiong, Wu Lingqin, Wan Changxuan. Frequent Patterns Mining over Uncertain Data Streams Based on Probability Decay Window Model[J]. Journal of Computer Research and Development, 2012, 49(5): 1105-1115.
[4]	Zhu Ranwei, Wang Peng, and Liu Majin. Algorithm Based on Counting for Mining Frequent Items over Data Stream[J]. Journal of Computer Research and Development, 2011, 48(10): 1803-1811.
[5]	Hu Wenyu, Sun Zhihui, Wu Yingjie. Study of Sampling Methods on Data Mining and Stream Mining[J]. Journal of Computer Research and Development, 2011, 48(1): 45-54.
[6]	Yang Bei, Huang Houkuan. Mining Top-K Significant Itemsets in Landmark Windows over Data Streams[J]. Journal of Computer Research and Development, 2010, 47(3): 463-473.
[7]	Liu Xuejun, Xu Hongbing, Dong Yisheng, Qian Jiangbo, Wang Yongli. Mining Frequent Closed Patterns from a Sliding Window over Data Streams[J]. Journal of Computer Research and Development, 2006, 43(10): 1738-1743.
[8]	Zhao Chuanshen, Sun Zhihui, and Zhang Jing. Frequent Subtree Mining Based on Projected Branch[J]. Journal of Computer Research and Development, 2006, 43(3): 456-462.
[9]	Liu Xuejun, Xu Hongbing, Dong Yisheng, Wang Yongli, Qian Jiangbo. Mining Frequent Patterns in Data Streams[J]. Journal of Computer Research and Development, 2005, 42(12): 2192-2198.
[10]	Wang Wei, Zhou Haofeng, Yuan Qingqing, Lou Yubo, and Sui Baile. Mining Frequent Patterns Based on Graph Theory[J]. Journal of Computer Research and Development, 2005, 42(2): 230-235.