Network Anomaly Detection using PSO-ANN

This work continues the previous research work [20] and proposes a data-mining-based anomaly detection system that aims to detect volume anomalies using Simple Network Management Protocol (SNMP) monitoring. The method is novel in combining the Digital Signature of Network Segment (DSNS) with the evolutionary technique called Particle Swarm Optimization (PSO) [5] and neural network training, applied to a real data set. PSO is a highly efficient heuristic technique with low computational complexity, developed in 1995 by Kennedy and Eberhart [1] and inspired by the social behavior of bird flocking. The DSNS is a baseline consisting of different normal-behavior profiles for a specific network device or segment, generated by the GBA tool (Automatic Backbone Management) from data collected from SNMP objects. The proposed anomaly detection system uses the SVM to cluster the traffic collected by SNMP agents and its respective DSNS. PSO is combined with the SVM to improve the performance and quality of the solution in the clustering and in the calculation of the cluster centroids. Tests were carried out in a real network environment at Techno India University, Kolkata. Numerical results show that the obtained detection and false alarm rates are promising. The deterministic method proposed has also been implemented to detect anomalies on the same dataset, so that both methods could be compared.

[1] Yuan Liu, et al. Network Anomaly Detection Using RBF Neural Network with Hybrid QPSO, 2008, 2008 IEEE International Conference on Networking, Sensing and Control.

[2] Riccardo Poli, et al. Analysis of the publications on the applications of particle swarm optimisation, 2008.

[3] Soheila Dehghanzadeh, et al. Optimizing Fuzzy K-means for network anomaly detection using PSO, 2008, 2008 IEEE/ACS International Conference on Computer Systems and Applications.

[4] Stefan Axelsson, et al. The base-rate fallacy and the difficulty of intrusion detection, 2000, TSEC.

[5] Joel J. P. C. Rodrigues, et al. Parameterized Anomaly Detection System with Automatic Configuration, 2009, GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference.

[6] Riccardo Poli, et al. Particle swarm optimization, 1995, Swarm Intelligence.

[7] Russell C. Eberhart, et al. Parameter Selection in Particle Swarm Optimization, 1998, Evolutionary Programming.

[8] J. MacQueen. Some methods for classification and analysis of multivariate observations, 1967.

[9] Ya-ling Zhang, et al. A Network Anomaly Detection Method Based on Relative Entropy Theory, 2009, 2009 Second International Symposium on Electronic Commerce and Security.

[10] D. Dasgupta. Artificial Immune Systems and Their Applications, 1998, Springer Berlin Heidelberg.

[11] Lizhong Xiao, et al. K-means Algorithm Based on Particle Swarm Optimization Algorithm for Anomaly Intrusion Detection, 2006, 2006 6th World Congress on Intelligent Control and Automation.

[12] Xenofontas A. Dimitropoulos, et al. Histogram-based traffic anomaly detection, 2009, IEEE Transactions on Network and Service Management.

[13] Mauro Birattari, et al. Swarm Intelligence, 2012, Lecture Notes in Computer Science.

[14] Dipankar Dasgupta, et al. An Overview of Artificial Immune Systems and Their Applications, 1993.

[15] Shunzheng Yu, et al. Anomaly Detection Based on Available Bandwidth Estimation, 2008, 2008 IFIP International Conference on Network and Parallel Computing.

[16] Diptam Dutta, et al. Training Artificial Neural Network using Particle Swarm Optimization Algorithm, 2013.

[17] Mario Lemes Proença, et al. Baseline to help with network management, 2004, e-Business and Telecommunication Networks.

[18] Mohammad Zulkernine, et al. An anomaly intrusion detection method using the CSI-KNN algorithm, 2008, SAC '08.

[19] Nadia Nedjah, et al. Swarm Intelligent Systems, 2006, Studies in Computational Intelligence.

[20] Jung-Min Park, et al. An overview of anomaly detection techniques: Existing solutions and latest technological trends, 2007, Comput. Networks.