Network traffic anomaly detection using machine learning approaches

One of the biggest challenges for both network administrators and researchers is detecting anomalies in network traffic. If they had a tool that could accurately and expeditiously detect these anomalies, they would prevent many of the serious problems caused by them. We conducted experiments in order to study the relationship between interval-based features of network traffic and several types of network anomalies by using two famous machine learning algorithms: the naıve Bayes and k-nearest neighbor. Our findings will help researchers and network administrators to select effective interval-based features for each particular type of anomaly, and to choose a proper machine learning algorithm for their own network system.

[1]  Sara Matzner,et al.  An application of machine learning to network intrusion detection , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[2]  C. J. van Rijsbergen,et al.  Information Retrieval , 1979, Encyclopedia of GIS.

[3]  Bhavani M. Thuraisingham,et al.  A new intrusion detection system using support vector machines and hierarchical clustering , 2007, The VLDB Journal.

[4]  Sushil Jajodia,et al.  ADAM: a testbed for exploring the use of data mining in intrusion detection , 2001, SGMD.

[5]  David G. Stork,et al.  Pattern classification, 2nd Edition , 2000 .

[6]  Richard Lippmann,et al.  The 1999 DARPA off-line intrusion detection evaluation , 2000, Comput. Networks.

[7]  VARUN CHANDOLA,et al.  Anomaly detection: A survey , 2009, CSUR.

[8]  Mark Goadrich,et al.  The relationship between Precision-Recall and ROC curves , 2006, ICML.

[9]  R.K. Cunningham,et al.  Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[10]  Liwei Kuang,et al.  DNIDS: A dependable network intrusion detection system using the CSI-KNN algorithm , 2007 .

[11]  Trevor Darrell,et al.  Nearest-Neighbor Methods in Learning and Vision: Theory and Practice (Neural Information Processing) , 2006 .

[12]  Shigeo Abe DrEng Pattern Classification , 2001, Springer London.

[13]  Christopher Leckie,et al.  Unsupervised Anomaly Detection in Network Intrusion Detection Using Clusters , 2005, ACSC.

[14]  Christin Schäfer,et al.  Learning Intrusion Detection: Supervised or Unsupervised? , 2005, ICIAP.