Applying Catastrophe Theory for Network Anomaly Detection in Cloud Computing Traffic

Despite its tangible advantages, cloud computing is still vulnerable to attacks and threats, and security has become one of the main concerns in its adoption. An anomaly detection method therefore plays an important role in providing a high level of protection for network security. One challenge in anomaly detection that has not been seriously considered in the literature is accounting for the dynamic nature of cloud traffic in prediction while maintaining an acceptable level of accuracy and reducing the computational cost. In addition, a high-speed algorithm is essential to overcome the issue of additional training time. In this paper, a network traffic anomaly detection model grounded in Catastrophe Theory is proposed. This theory is effective in depicting the sudden change processes that the dynamic nature of the cloud produces in the network. An Exponential Moving Average (EMA) is applied to the state variable in a sliding window to better capture the dynamics of cloud network traffic. Entropy is used as one of the control variables in catastrophe theory to analyze the distribution of traffic features. Compared with Wei Xiong et al.’s Catastrophe Theory approach, our work achieved a maximum improvement in Detection Rate of 7.83% (week 4, Wednesday) and a 0.31% reduction in False Positive Rate (week 5, Monday). Additional accuracy parameters are checked, and the impact of sliding window size on sensitivity and specificity is considered.
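The two quantities named in the abstract, an EMA-smoothed state variable and an entropy control variable computed over a sliding window, can be illustrated as follows. This is an added example, not code from the paper: the choice of packet count and destination port as features, the window size, `alpha`, the sample traffic and the `largest_jump` helper are all assumptions, and the catastrophe model itself is not reproduced.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())

def ema(series, alpha):
    """Exponential moving average seeded with the first sample; returns the final value."""
    avg = float(series[0])
    for x in series[1:]:
        avg = alpha * x + (1 - alpha) * avg
    return avg

def window_features(intervals, window, alpha):
    """Slide a window over per-interval lists of destination ports.
    Returns one (EMA of packet counts, port entropy) pair per window position."""
    out = []
    for end in range(window, len(intervals) + 1):
        chunk = intervals[end - window:end]
        counts = [len(ports) for ports in chunk]
        all_ports = [p for ports in chunk for p in ports]
        out.append((ema(counts, alpha), shannon_entropy(all_ports)))
    return out

def largest_jump(series):
    """Index of the window that differs most from its predecessor.
    Assumed stand-in for a decision rule; not the paper's catastrophe-based test."""
    return max(range(1, len(series)), key=lambda i: abs(series[i] - series[i - 1]))

# Constructed sample traffic: 8 ordinary intervals, 2 intervals with a burst
# to 40 distinct ports on top of the ordinary traffic, then 2 ordinary intervals.
NORMAL = [443, 443, 443, 80, 443, 53]
BURST = NORMAL + list(range(1000, 1040))
INTERVALS = [NORMAL] * 8 + [BURST] * 2 + [NORMAL] * 2

if __name__ == "__main__":
    feats = window_features(INTERVALS, window=4, alpha=0.5)
    for i, (state, h) in enumerate(feats):
        print(f"window {i}: EMA packets={state:5.1f}  port entropy={h:.2f} bits")
    print("largest entropy jump at window", largest_jump([h for _, h in feats]))
```

Both series stay flat over the ordinary windows and change abruptly at the first window that contains the burst, which is the kind of sudden transition the abstract says the model is meant to capture.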

[1]  Hai Jin, et al. Automated Approach to Intrusion Detection in VM-based Dynamic Execution Environment, 2012, Comput. Informatics.

[2]  Marília Curado, et al. Online traffic prediction in the cloud, 2016, Int. J. Netw. Manag.

[3]  Weishi Zhang, et al. An Anomaly Intrusion Detection Method Based on Improved K-Means of Cloud Computing, 2016, 2016 Sixth International Conference on Instrumentation & Measurement, Computer, Communication and Control (IMCCC).

[4]  Tanja Zseby, et al. Analysis of network traffic features for anomaly detection, 2014, Machine Learning.

[5]  Naixue Xiong, et al. An anomaly-based detection in ubiquitous network using the equilibrium state of the catastrophe theory, 2011, The Journal of Supercomputing.

[6]  Jugal K. Kalita, et al. Network Anomaly Detection: Methods, Systems and Tools, 2014, IEEE Communications Surveys & Tutorials.

[7]  Marília Curado, et al. Online Traffic Prediction in the Cloud: A Dynamic Window Approach, 2014, 2014 International Conference on Future Internet of Things and Cloud.

[8]  Qiang Zhang, et al. The Characteristics of Cloud Computing, 2010, 2010 39th International Conference on Parallel Processing Workshops.

[9]  Sabyasachi Patra, et al. Machine Learning Approach for Intrusion Detection on Cloud Virtual Machines, 2013.

[10]  F. Klinker, et al. Exponential moving average versus moving exponential average, 2011, 2001.04237.

[11]  Jianguo Liu, et al. A Hybrid Anomaly Detection Framework in Cloud Computing Using One-Class and Two-Class Support Vector Machines, 2012, ADMA.

[12]  H. Sussmann, et al. Catastrophe theory as applied to the social and biological sciences: A critique, 1978, Synthese.

[13]  Yuehui Chen, et al. Small-time scale network traffic prediction based on flexible neural tree, 2012, Appl. Soft Comput.

[14]  B. Muthukumar, et al. Intrusion Detection System (IDS): Anomaly Detection Using Outlier Detection Approach, 2015.

[15]  Ganesh Kumar, et al. Anomaly Detection System in Cloud Environment Using Fuzzy Clustering Based ANN, 2015, Mobile Networks and Applications.

[16]  Taeshik Shon, et al. A hybrid machine learning approach to network anomaly detection, 2007, Inf. Sci.

[17]  P. Mell, et al. The NIST Definition of Cloud Computing, 2011.

[18]  Lior Rokach, et al. XML-AD: Detecting anomalous patterns in XML documents, 2016, Inf. Sci.

[19]  Shi-Jinn Horng, et al. A novel intrusion detection system based on hierarchical clustering and support vector machines, 2011, Expert Syst. Appl.

[20]  Martin Golubitsky, et al. An Introduction to Catastrophe Theory and Its Applications, 1978.

[21]  Laksana Tri Handoko, et al. A performance study of anomaly detection using entropy method, 2016, 2016 International Conference on Computer, Control, Informatics and its Applications (IC3INA).

[22]  M. Deakin. Catastrophe theory, 1977, Science.

[23]  Naixue Xiong, et al. Network traffic anomaly detection based on catastrophe theory, 2010, 2010 IEEE Globecom Workshops.

[24]  Naixue Xiong, et al. Anomaly secure detection methods by analyzing dynamic characteristics of the network traffic in cloud communications, 2014, Inf. Sci.

[25]  Fang Binxing. An exploratory development on the Hurst parameter variety of network traffic abnormity signal, 2005.

[26]  M. Rao, et al. Process Control Engineering: A Textbook for Chemical, Mechanical and Electrical Engineers, 1993.

[27]  Marília Curado, et al. Performance Analysis of Network Traffic Predictors in the Cloud, 2016, Journal of Network and Systems Management.

[28]  Shikha Agrawal, et al. Survey on Anomaly Detection using Data Mining Techniques, 2015, KES.

[29]  Victor Chang, et al. Towards an Applicability of Current Network Forensics for Cloud Networks: A SWOT Analysis, 2016, IEEE Access.

[30]  Sijing Wang, et al. A nonlinear catastrophe model of instability of planar-slip slope and chaotic dynamical mechanisms of its evolutionary process, 2001.

[31]  René Thom, et al. Structural Stability, Catastrophe Theory, and Applied Mathematics, 1977.

[32]  Marília Curado, et al. Expedite feature extraction for enhanced cloud anomaly detection, 2016, NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium.

[33]  P. Ganeshkumar, et al. Adaptive Neuro-Fuzzy-Based Anomaly Detection System in Cloud, 2016, Int. J. Fuzzy Syst.