Outliers detection in network services with self-learned profiles

Wireless communication networks and services suffer from multiple kinds of security attacks which cannot be handled at the wireless protocol level alone. This paper proposes an intrusion detection system that self-learns user profiles using machine learning techniques. The system applies knowledge discovery techniques to generate a compact user profile offline. The profile is used to detect intrusions both offline and online. Security breaches and ongoing attacks are identified by detecting outlier activities in relation to the user profile and to the immediately forecast behaviour. The latter provides a very fast warning, which is validated by the slower and more precise profile-based online system. Both are complemented by the slowest offline system, which is capable of maintaining updated user profiles. The system was implemented using RStudio and was tested on the publicly available 2014 Dandelion big data challenge dataset. The results show that the offline system has an outlier detection accuracy above 99% and that the online system was able to distinguish outlier activity from the users' own activity.
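The abstract describes a three-tier arrangement: an offline stage that learns a compact per-user profile, a profile-based online check, and a faster forecast-based check whose warnings the profile check validates. The following is an added example, not code from the paper (which was built in R), showing that arrangement in Python on constructed hourly activity counts. The profile here is a per-hour-of-day (median, MAD) pair and the forecast is a seasonal-naive one (the last accepted value for the same hour); both are assumptions chosen for illustration, not the paper's own profile or forecasting method.

```python
from statistics import median
from typing import Dict, List, Optional, Tuple

PERIOD = 24  # hours per day; the profile is keyed by hour of day

# Constructed sample: hourly activity counts (e.g. requests per hour) for one
# user, a daytime bump plus a deterministic jitter of -1..+1 per observation.
_DAILY_SHAPE = [2, 1, 1, 1, 1, 2, 5, 12, 20, 25, 26, 27,
                24, 25, 26, 25, 22, 18, 14, 10, 7, 5, 4, 3]


def make_training_data(days: int = 7) -> List[int]:
    series = []
    for day in range(days):
        for hour, base in enumerate(_DAILY_SHAPE):
            series.append(base + (day * 7 + hour) % 3 - 1)
    return series


def learn_profile(series: List[int], period: int = PERIOD) -> Dict[int, Tuple[float, float]]:
    """Offline stage: the compact profile is a (median, MAD) pair per hour of day."""
    buckets: Dict[int, List[int]] = {h: [] for h in range(period)}
    for i, value in enumerate(series):
        buckets[i % period].append(value)
    profile = {}
    for hour, values in buckets.items():
        m = median(values)
        mad = median(abs(v - m) for v in values)
        profile[hour] = (m, max(mad, 1.0))  # floor MAD so a flat hour cannot divide by zero
    return profile


def robust_score(value: float, hour: int, profile: Dict[int, Tuple[float, float]]) -> float:
    """Distance from the profile in MAD units (1.4826 scales MAD to a std-dev for normal data)."""
    m, mad = profile[hour]
    return abs(value - m) / (1.4826 * mad)


def detect_offline(series: List[int], profile, threshold: float = 3.5,
                   period: int = PERIOD) -> List[int]:
    """Offline detection: indices of observations whose robust score exceeds the threshold."""
    return [i for i, v in enumerate(series)
            if robust_score(v, i % period, profile) > threshold]


class OnlineDetector:
    """Online stage: a fast forecast-based warning, validated by the slower profile check."""

    def __init__(self, profile, period: int = PERIOD, abs_tol: float = 3.0,
                 rel_tol: float = 0.5, profile_threshold: float = 3.5):
        self.profile = profile
        self.period = period
        self.abs_tol = abs_tol
        self.rel_tol = rel_tol
        self.profile_threshold = profile_threshold
        self.last_seen: Dict[int, float] = {}  # hour -> last accepted value (seasonal-naive forecast)

    def warm_start(self, series: List[int]) -> None:
        """Seed the forecast with the last full period of history."""
        for i in range(len(series) - self.period, len(series)):
            self.last_seen[i % self.period] = series[i]

    def observe(self, t: int, value: float) -> dict:
        hour = t % self.period
        forecast: Optional[float] = self.last_seen.get(hour)
        # Fast check: deviation from the forecast beyond an absolute or relative tolerance.
        fast_warning = (forecast is not None and
                        abs(value - forecast) > max(self.abs_tol, self.rel_tol * forecast))
        # Slower check: the same observation against the learned profile.
        score = robust_score(value, hour, self.profile)
        confirmed = fast_warning and score > self.profile_threshold
        if not confirmed:
            self.last_seen[hour] = value  # only accepted observations feed the next forecast
        return {"t": t, "hour": hour, "forecast": forecast, "fast_warning": fast_warning,
                "score": round(score, 2), "confirmed": confirmed}


if __name__ == "__main__":
    train = make_training_data()
    profile = learn_profile(train)
    print("offline outliers in clean history:", detect_offline(train, profile))
    det = OnlineDetector(profile)
    det.warm_start(train)
    for t, v in [(24 * 7 + 2, 40), (24 * 8 + 2, 6), (24 * 8 + 9, 26)]:
        print(det.observe(t, v))
```

The point to notice is the division of labour: the forecast check fires on any sharp departure from yesterday's value for that hour, which is cheap but noisy (the value 6 at 02:00 triggers it), while the profile check, built from the whole history, only confirms the warning when the observation is far outside the user's learned range (the value 40). Confirmed outliers are also kept out of the forecast state so that an attack in progress does not become tomorrow's baseline.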
