Unsupervised Learning Model for Real-Time Anomaly Detection in Computer Networks

Cited by: 5
Authors
Limthong, Kriangkrai [1 ]
Fukuda, Kensuke [2 ]
Ji, Yusheng [2 ]
Yamada, Shigeki [2 ]
Affiliations
[1] Grad Univ Adv Studies Sokendai, Tokyo 1018430, Japan
[2] Natl Inst Informat, Tokyo 1018430, Japan
Keywords
machine learning; multivariate normal distribution; nearest neighbor; one-class support vector machine; INTRUSION DETECTION;
DOI
10.1587/transinf.E97.D.2084
Chinese Library Classification (CLC) code
TP [Automation technology, computer technology];
Discipline code
0812 ;
Abstract
Detecting the variety of anomalies caused by attacks or accidents in computer networks has been one of the real challenges for both researchers and network operators. An effective technique that could quickly and accurately detect a wide range of anomalies would prevent serious consequences for system security and reliability. In this article, we characterize detection techniques on the basis of their learning models and propose an unsupervised learning model for real-time anomaly detection in computer networks. We also conducted a series of experiments to examine the capabilities of the proposed model by employing three well-known machine learning algorithms, namely the multivariate normal distribution, k-nearest neighbor, and the one-class support vector machine. The results of these experiments on real network traffic suggest that the proposed model is a promising solution and has a number of flexible capabilities for detecting several types of anomalies in real time.
Pages: 2084 / 2094
Page count: 11