Network Anomaly Detection System using Genetic Algorithm and Fuzzy Logic

Highlights

Multiple attributes from IP flows are combined to detect anomalous events.
A GA metaheuristic is used to build the Digital Signature of Network Segment using Flow Analysis.
An unsupervised training technique is applied efficiently to network traffic profiling.
Fuzzy Logic improved accuracy and false positives compared to the state of the art.

Abstract

Due to the sheer number of applications that use computer networks, some of them crucial to users and enterprises, network management is essential. Therefore, the integrity and availability of computer networks become priorities, making the network a fundamental resource to be managed. In this work, a scheme combining a Genetic Algorithm and Fuzzy Logic for network anomaly detection is discussed. The Genetic Algorithm is used to generate a Digital Signature of Network Segment using Flow Analysis, in which information extracted from network flow data is used to predict the network traffic behavior for a given time interval. Furthermore, a Fuzzy Logic scheme is applied to decide whether an instance represents an anomaly or not, differing from some approaches present in the literature. Indeed, an expert system is proposed with the capability to monitor network traffic through IP flows while expected behaviors are generated on a regular time-interval basis, issuing alarms when a possible problem is present. The proposed anomaly detection system exposes network problems autonomously. The results obtained from applying the proposed approach to real network traffic flows achieve an accuracy of 96.53% and a false positive rate of 0.56%. Moreover, our method succeeds in achieving higher performance than several other approaches.
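The pipeline the abstract describes, as an added worked example that is not the paper's own code: a small Genetic Algorithm evolves a per-interval traffic signature for each flow attribute from several days of history (unsupervised, fitness = normalised mean square error against the observed days), and a fuzzy rule base then combines the deviations of all attributes in a monitored interval into a single alarm decision. Everything concrete here is an assumption of the example, not taken from the paper: the attribute names, the constructed ramp-shaped daily profile and its noise, the GA operators and parameters, the membership-function breakpoints, the three rules, and the verdict thresholds.

```python
import random
from statistics import mean

# Flow attributes monitored per time interval (illustrative names, not the paper's).
ATTRIBUTES = ("bits", "packets", "flows")
INTERVALS = 12                                           # constructed: 12 intervals per "day"
BASE = {"bits": 8.0e6, "packets": 1200.0, "flows": 150.0}  # constructed base levels

def expected_level(attr, i):
    """Constructed daily profile: traffic ramps up across the day."""
    return BASE[attr] * (1.0 + i / INTERVALS)

def make_history(days=5, seed=1):
    """Constructed training data: `days` daily series per attribute with +-5% noise."""
    rng = random.Random(seed)
    return {a: [[expected_level(a, i) * (1 + rng.uniform(-0.05, 0.05))
                 for i in range(INTERVALS)] for _ in range(days)]
            for a in ATTRIBUTES}

def nmse(candidate, series_list):
    """Normalised mean square error of a candidate profile, averaged over the observed days."""
    total = 0.0
    for obs in series_list:
        total += mean((o - c) ** 2 for o, c in zip(obs, candidate)) / (mean(obs) * mean(candidate))
    return total / len(series_list)

def ga_profile(series_list, pop_size=40, generations=60, seed=7):
    """Evolve one per-interval profile (the signature for one attribute) that minimises NMSE.
    Genes start from observed values and stay clamped to the observed range of each interval,
    so the result is a consensus of the training days rather than an arbitrary curve."""
    rng = random.Random(seed)
    lo = [min(day[i] for day in series_list) for i in range(INTERVALS)]
    hi = [max(day[i] for day in series_list) for i in range(INTERVALS)]
    clamp = lambda ind: [min(max(g, lo[i]), hi[i]) for i, g in enumerate(ind)]
    fit = lambda ind: nmse(ind, series_list)
    pop = [[rng.choice(series_list)[i] for i in range(INTERVALS)] for _ in range(pop_size)]
    best = min(pop, key=fit)
    for _ in range(generations):
        def tournament():
            a, b = rng.sample(pop, 2)
            return a if fit(a) <= fit(b) else b
        children = [best]                                # elitism: fitness never gets worse
        while len(children) < pop_size:
            p1, p2 = tournament(), tournament()
            child = [g1 if rng.random() < 0.5 else g2 for g1, g2 in zip(p1, p2)]  # uniform crossover
            child = [g * (1 + rng.gauss(0, 0.02)) if rng.random() < 0.1 else g for g in child]  # mutation
            children.append(clamp(child))
        pop = children
        best = min(pop, key=fit)
    return best

def build_signature(history):
    """One GA run per attribute gives the full multi-attribute signature for the day."""
    return {a: ga_profile(history[a], seed=7 + k) for k, a in enumerate(ATTRIBUTES)}

def tri(x, a, b, c):
    """Triangular membership with peak at b and feet at a and c."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)

def fuzzify(d):
    """Deviation ratio d = |observed - expected| / expected -> (low, medium, high) memberships.
    Breakpoints (0.1 / 0.3 / 0.5 / 0.6) are assumptions of this example."""
    low = 1.0 if d <= 0.1 else max(0.0, (0.3 - d) / 0.2)
    medium = tri(d, 0.1, 0.3, 0.5)
    high = 1.0 if d >= 0.6 else max(0.0, (d - 0.3) / 0.3)
    return low, medium, high

def fuzzy_score(deviations):
    """Sugeno-style rule base combining all attributes (rules are this example's own):
       R1  all LOW                       -> no alarm (0.0), strength = min(low)
       R2  any MEDIUM or HIGH            -> warning  (0.5), strength = max(medium, high)
       R3  HIGH on at least 2 attributes -> alarm    (1.0), strength = 2nd-largest high
    A single deviating attribute therefore yields at most a warning; an alarm needs corroboration."""
    lows, meds, highs = zip(*(fuzzify(d) for d in deviations.values()))
    w_none = min(lows)
    w_warn = max(max(meds), max(highs))
    w_alarm = sorted(highs, reverse=True)[1] if len(highs) > 1 else 0.0
    return (0.5 * w_warn + 1.0 * w_alarm) / (w_none + w_warn + w_alarm)

def evaluate(signature, observed, interval):
    """Compare one monitored interval against the signature; return (score, verdict)."""
    dev = {a: abs(observed[a] - signature[a][interval]) / signature[a][interval] for a in ATTRIBUTES}
    score = fuzzy_score(dev)
    return score, ("alarm" if score >= 0.7 else "warning" if score >= 0.4 else "normal")

def observe(interval, seed, surge=()):
    """Constructed monitoring sample: +-5% noise, with the listed attributes raised to 1.8x."""
    rng = random.Random(seed)
    obs = {a: expected_level(a, interval) * (1 + rng.uniform(-0.05, 0.05)) for a in ATTRIBUTES}
    for a in surge:
        obs[a] = expected_level(a, interval) * 1.8
    return obs

if __name__ == "__main__":
    sig = build_signature(make_history())
    print("normal :", evaluate(sig, observe(7, 99), 7))
    print("surge  :", evaluate(sig, observe(7, 99, ("bits", "packets")), 7))
```

Because every gene is kept inside the observed range, the GA cannot produce a signature outside what the training days actually showed, which keeps the expected-behaviour curve explainable to an operator; the second-largest-high rule is what makes the detector demand agreement between two flow attributes before raising a full alarm, the multi-attribute combination the abstract highlights.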
