Outlier Detection in Network Traffic Monitoring

Network traffic monitoring becomes, year by year, an increasingly important branch of network infrastructure maintenance. Many dedicated tools for on-line network traffic monitoring exist that can defend against typical (and known) types of attacks by blocking parts of the traffic immediately. However, network traffic may also carry as yet unknown risks whose statistical description is reflected in slowly changing characteristics. Such non-rapidly changing values are probably not detectable by on-line tools. Still, it is possible to detect these changes with data mining methods. In the paper, popular anomaly detection methods combined with a moving window procedure are presented as one approach to anomaly (outlier) detection in network traffic monitoring. The paper presents results obtained on real outer traffic data collected at the Institute.
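As an added illustration of the moving-window approach described above (example code, not the paper's own method or data), the following compares a robust z-score outlier test computed over a trailing window with the same test computed over the whole series. The traffic series is constructed: per-interval byte counts with a slow upward drift and two injected spikes; the window length, threshold and the median/MAD statistic are assumptions, not values taken from the paper.

```python
"""Moving-window versus global outlier detection on drifting traffic volumes.

Added example (not the paper's code). A slowly rising baseline inflates the
dispersion of the whole series, so a global test misses short spikes; a
trailing window follows the drift and keeps the spikes visible.
"""
import statistics


def robust_z(window, value):
    """Robust z-score of `value` against `window` using median and MAD."""
    med = statistics.median(window)
    mad = statistics.median(abs(x - med) for x in window)
    scale = 1.4826 * mad  # scales MAD to be comparable with a standard deviation
    if scale == 0:
        return 0.0 if value == med else float("inf")
    return (value - med) / scale


def moving_window_outliers(series, window=20, threshold=3.5):
    """Indices whose value is an outlier relative to the preceding `window` samples."""
    flagged = []
    for i in range(window, len(series)):
        if abs(robust_z(series[i - window:i], series[i])) > threshold:
            flagged.append(i)
    return flagged


def global_outliers(series, threshold=3.5):
    """Indices whose value is an outlier relative to the whole series."""
    return [i for i, v in enumerate(series) if abs(robust_z(series, v)) > threshold]


def make_series():
    """Constructed data: bytes per interval, drifting upward by 10 per step,
    with two injected spikes at positions 50 and 90."""
    base = [1000 + 10 * t for t in range(120)]
    base[50] += 600
    base[90] += 800
    return base


if __name__ == "__main__":
    data = make_series()
    print("moving window:", moving_window_outliers(data))  # spikes at 50 and 90
    print("global:", global_outliers(data))                # drift masks both spikes
```

The windowed detector reports the two spikes while the global one reports nothing, because the drift alone widens the global MAD enough to hide them.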
