Network Anomaly Detection based on Tensor Decomposition

Cited by: 4
Authors
Streit, Ananda [1]
Santos, Gustavo [1]
Leao, Rosa M. M. [1]
Silva, Edmundo de Souza E. [1]
Menasche, Daniel [1]
Towsley, Don [2]
Affiliations
[1] Univ Fed Rio de Janeiro, Rio De Janeiro, Brazil
[2] Univ Massachusetts Amherst, Amherst, MA USA
Source
2020 MEDITERRANEAN COMMUNICATION AND COMPUTER NETWORKING CONFERENCE (MEDCOMNET) | 2020
Funding
São Paulo Research Foundation, Brazil;
Keywords
network measurement and analysis; machine learning for networks; DDoS detection; tensor decomposition;
DOI
10.1109/medcomnet49392.2020.9191461
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
The problem of detecting anomalies in time series from network measurements has been widely studied and is a topic of fundamental importance. Many anomaly detection methods are based on packet inspection collected at the network core routers, with consequent disadvantages in terms of computational cost and privacy. We propose an alternative method in which packet header inspection is not needed. The method is based on the extraction of a normal subspace obtained by the tensor decomposition technique considering the correlation between different metrics. We propose a new approach for online tensor decomposition where changes in the normal subspace can be tracked efficiently. Another advantage of our proposal is the interpretability of the obtained models. The flexibility of the method is illustrated by applying it to two distinct examples, both using actual data collected on residential routers.
Pages: 8