Network Anomaly Detection Using One Class Support Vector Machine

Anomaly detection is the automatic identification of abnormal behaviors embedded in a large amount of normal data. This paper presents a method based on the one-class support vector machine (OCSVM) for detecting network anomalies. Telecommunication network performance data are used for the investigation. First, the raw data are preprocessed to produce the vector sets required by the OCSVM algorithm. The vector set of the training data is then used to train the OCSVM detector, which learns the nominal behavior of the data. The trained detector is applied to the test data to detect anomalies. Finally, the detected anomalies are categorized as major or minor by comparison with a threshold. Experiments on three different types of performance data are presented, and the results demonstrate the promising performance of the algorithm.
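The pipeline the abstract describes (preprocess into vectors, train on nominal data, score test data, split anomalies into major and minor by a threshold), as an added example that is not taken from the paper. It uses scikit-learn's `OneClassSVM`; the sliding-window preprocessing, the kernel settings, the severity measure compared against the threshold, and the sample data are all assumptions.

```python
import numpy as np
from sklearn.svm import OneClassSVM

WIDTH = 8  # assumed window length; the abstract gives no preprocessing details

def to_vectors(series, width=WIDTH):
    """Preprocess: turn a 1-D series into overlapping windows, one vector each."""
    s = np.asarray(series, dtype=float)
    return np.stack([s[i:i + width] for i in range(len(s) - width + 1)])

def train(series, nu=0.05):
    """Fit the detector on data assumed nominal; nu bounds the training outlier fraction."""
    X = to_vectors(series)
    mu, sigma = X.mean(), X.std()
    model = OneClassSVM(kernel="rbf", gamma="scale", nu=nu).fit((X - mu) / sigma)
    return model, mu, sigma

def detect(detector, series, major_threshold=0.5):
    """Label each test window 'normal', 'minor' or 'major' (assumed severity rule)."""
    model, mu, sigma = detector
    X = (to_vectors(series) - mu) / sigma
    # Severity is 0 on the learned boundary and approaches 1 far from all
    # training data, where the RBF kernel sum falls to zero.
    severity = 1.0 - model.score_samples(X) / model.offset_
    labels = np.where(severity <= 0, "normal",
                      np.where(severity < major_threshold, "minor", "major"))
    return labels.tolist(), severity

def constructed_kpi(n, seed, spike_at=None):
    """Constructed sample data: periodic counter with noise and an optional spike."""
    rng = np.random.default_rng(seed)
    t = np.arange(n)
    s = 100 + 20 * np.sin(2 * np.pi * t / 24) + rng.normal(0, 1, n)
    if spike_at is not None:
        s[spike_at] += 200
    return s

if __name__ == "__main__":
    detector = train(constructed_kpi(480, seed=1))
    labels, severity = detect(detector, constructed_kpi(240, seed=2, spike_at=120))
    for i, (lab, sev) in enumerate(zip(labels, severity)):
        if lab != "normal":
            print(f"window {i}-{i + WIDTH - 1}: {lab} (severity {sev:.2f})")
```

Training data that already contains anomalies shifts the learned boundary, so the training window should be screened before fitting.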
