Risk Leveling of Network Traffic Anomalies

Summary: The goal of intrusion detection is to identify attempted or ongoing attacks on a computer system or network. Many attacks aim to compromise computer networks in an online manner, and traffic anomalies have been an important indication of such attacks. The challenges in detection lie in modeling the large, continuous streams of traffic data and performing anomaly detection online. This paper presents a data mining technique that assesses the risk of local anomalies using a synopsis obtained from a global spatiotemporal modeling approach. The proposed model is proactive in detecting various types of traffic-related attacks, such as distributed denial of service (DDoS). It is incremental and scalable, and thus suitable for online processing. Algorithm analysis shows the time efficiency of the proposed technique. Experiments conducted with a DARPA dataset demonstrate that, compared with a frequency-based anomaly detection model, the false alarm rate of the proposed model is significantly reduced while a high detection rate is retained.
