Improving PCA-based anomaly detection by using multiple time scale analysis and Kullback-Leibler divergence

被引：21

作者：

Callegari, Christian ^{[1
]}

Gazzarrini, Loris ^{[1
]}

Giordano, Stefano ^{[1
]}

Pagano, Michele ^{[1
]}

Pepe, Teresa ^{[1
]}

机构：

[1] Univ Pisa, Dept Informat Engn, Pisa, Italy

来源：

INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS | 2014年 / 27卷 / 10期

关键词：

anomaly detection; K-L divergence; multiple time scale; PCA; INTRUSION DETECTION;

D O I：

10.1002/dac.2432

中图分类号：

TM [电工技术]; TN [电子技术、通信技术];

学科分类号：

0808 ; 0809 ;

摘要：

The increasing number of network attacks causes growing problems for network operators and users. Thus, detecting anomalous traffic is of primary interest in IP networks management. In this paper, we address the problem considering a method based on PCA for detecting network anomalies. In more detail, this paper presents a new technique that extends the state of the art in PCA-based anomaly detection. Indeed, by means of multi-scale analysis and Kullback-Leibler divergence, we are able to obtain great improvements with respect to the performance of the 'classical' approach. Moreover, we also introduce a method for identifying the flows responsible for an anomaly detected at the aggregated level. The performance analysis, presented in this paper, demonstrates the effectiveness of the proposed method. Copyright (C) 2012 John Wiley & Sons, Ltd.

引用

页码：1731 / 1751

页数：21

共 20 条

[1]

Adami D, 2010, IEEE ICC

[2]

[Anonymous], 2004, IMC

[3]

Bouzida Y, 2004, 3 C SEC ARCH RES

[4] Improving network anomaly detection effectiveness via an integrated multi-metric-multi-link (M3L) PCA-based approach [J].