Unsupervised Ensemble Anomaly Detection Using Time-Periodic Packet Sampling
Abstract
We propose an anomaly detection method for finding patterns in network traffic that do not conform to legitimate (i.e., normal) behavior. The proposed method trains a baseline model describing the normal behavior of network traffic without using manually labeled traffic data. The trained baseline model is used as the basis for comparison with the audit network traffic. The method works in an unsupervised manner through time-periodic packet sampling, used in a manner that differs from its intended purpose: the lossy nature of packet sampling is exploited to extract normal packets from the unlabeled original traffic data. Evaluation using actual traffic traces showed that, in detecting anomalies in TCP SYN packets, the proposed method has false positive and false negative rates comparable to those of a conventional method that uses manually labeled traffic data to train the baseline model. Performance variation due to the probabilistic nature of sampled traffic data is mitigated by ensemble anomaly detection that collectively exploits multiple baseline models in parallel. Alarm sensitivity is adjusted for the intended use by maximum- and minimum-based anomaly detection, which takes advantage of the performance variation among the multiple baseline models. Testing using actual traffic traces showed that the proposed anomaly detection method performs as well as one using manually labeled traffic data and better than one using randomly sampled (unlabeled) traffic data.
- 2012-07-01
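The following is an added, self-contained illustration of the scheme the abstract describes; it is not the paper's code, and the traffic simulation, the SYN-count-per-window feature, the z-score baseline, the sampling period, the number of models and the alarm threshold are all assumptions made for this example. It builds an unlabeled training trace that contains its own SYN flood, reduces it with time-periodic sampling (at most one packet per period survives, so a flood contributes only a bounded number of packets per window to the baseline), trains several baseline models from phase-shifted samples, and derives max-based (sensitive) and min-based (conservative) alarms from them.

```python
"""Added illustration of unsupervised ensemble anomaly detection with
time-periodic packet sampling. Not the paper's code: the simulation, the
feature, the model and every constant are assumptions for this example."""
import random
import statistics

WINDOW = 1.0      # audit window in seconds (assumption)
PERIOD = 0.05     # sampling period in seconds (assumption)
THRESHOLD = 5.0   # z-score above which a window raises an alarm (assumption)


def generate_trace(seed, duration, rate=100.0, syn_fraction=0.05, bursts=()):
    """Constructed synthetic trace: sorted (timestamp, is_syn) tuples.
    Poisson background with a small SYN share, plus SYN-only bursts given
    as (start, length, syn_rate) that stand in for SYN floods."""
    rng = random.Random(seed)
    pkts = []
    t = rng.expovariate(rate)
    while t < duration:
        pkts.append((t, rng.random() < syn_fraction))
        t += rng.expovariate(rate)
    for start, length, syn_rate in bursts:
        t = start + rng.expovariate(syn_rate)
        while t < start + length:
            pkts.append((t, True))
            t += rng.expovariate(syn_rate)
    pkts.sort()
    return pkts


def periodic_sample(pkts, period, phase):
    """Time-periodic sampling: keep the first packet arriving at or after
    each instant phase + k*period. At most one packet per period survives,
    whatever the offered load; that lossiness is what bounds a flood's
    footprint in the unlabeled training data."""
    out = []
    next_t = phase
    for t, is_syn in pkts:
        if t >= next_t:
            out.append((t, is_syn))
            next_t += period * ((t - next_t) // period + 1)
    return out


def syn_counts_per_window(pkts, duration, window=WINDOW):
    """SYN packets per window, the feature the baseline models use."""
    counts = [0] * int(duration / window)
    for t, is_syn in pkts:
        if is_syn and t < duration:
            counts[int(t // window)] += 1
    return counts


def train_baseline(train_pkts, duration, phase):
    """Baseline = (mean, std) of the per-window SYN count in the periodically
    sampled, unlabeled training trace."""
    counts = syn_counts_per_window(periodic_sample(train_pkts, PERIOD, phase), duration)
    return statistics.fmean(counts), (statistics.pstdev(counts) or 1.0)


def score_windows(model, audit_pkts, duration, phase):
    """z-score of every audit window against one baseline; the audit trace is
    reduced with the same sampler and phase so the feature scales match."""
    mean, std = model
    counts = syn_counts_per_window(periodic_sample(audit_pkts, PERIOD, phase), duration)
    return [(c - mean) / std for c in counts]


def ensemble_alarms(train_pkts, audit_pkts, duration, n_models=5, threshold=THRESHOLD):
    """Train n_models baselines from phase-shifted samples and combine them:
    max-based alarms fire when any model exceeds the threshold (sensitive),
    min-based alarms only when every model does (conservative)."""
    phases = [i * PERIOD / n_models for i in range(n_models)]
    scores = [score_windows(train_baseline(train_pkts, duration, ph), audit_pkts, duration, ph)
              for ph in phases]
    windows = range(len(scores[0]))
    max_alarms = {w for w in windows if max(s[w] for s in scores) > threshold}
    min_alarms = {w for w in windows if min(s[w] for s in scores) > threshold}
    return max_alarms, min_alarms


def demo(duration=600.0):
    """Unlabeled training trace with its own flood at t=100..103 s, audit trace
    with a flood at t=300..303 s. Returns both alarm sets plus the largest
    per-window SYN count of the training trace before and after sampling."""
    train = generate_trace(1, duration, bursts=[(100.0, 3.0, 2000.0)])
    audit = generate_trace(2, duration, bursts=[(300.0, 3.0, 2000.0)])
    raw_max = max(syn_counts_per_window(train, duration))
    sampled_max = max(syn_counts_per_window(periodic_sample(train, PERIOD, 0.0), duration))
    max_alarms, min_alarms = ensemble_alarms(train, audit, duration)
    return max_alarms, min_alarms, raw_max, sampled_max


if __name__ == "__main__":
    mx, mn, raw, smp = demo()
    print("max SYN/window in unsampled training trace:", raw)
    print("max SYN/window after periodic sampling:", smp)
    print("max-based alarms (window indices):", sorted(mx))
    print("min-based alarms (window indices):", sorted(mn))
```

Running the script prints the largest per-window SYN count of the training trace before and after sampling (thousands versus at most one per sampling instant), then the two alarm sets. The min-based set is by construction a subset of the max-based set, which is the sensitivity trade-off between the two combination rules that the abstract refers to; the audit flood windows 300 to 302 appear in both.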
Authors
- Tsuru Masato (Network Design Research Center, Kyushu Institute of Technology)
- Oie Yuji (Network Design Research Center, Kyushu Institute of Technology)
- Gu Yu (Amazon Web Services)
- Nawata Shuichi (KDDI R&D Laboratories Inc.)
- Uchida Masato (Department of Electrical, Electronics and Computer Engineering, Faculty of Engineering, Chiba Institute of Technology)
Related papers
- Dynamic and Decentralized Storage Load Balancing with Analogy to Thermal Diffusion for P2P File Sharing
- Impact of Censoring on Estimation of Flow Duration Distribution and Its Mitigation Using Kaplan-Meier-Based Method
- TCP Flow Level Performance Evaluation on Error Rate Aware Scheduling Algorithms in Evolved UTRA and UTRAN Networks
- Kyushu-TCP : Improving Fairness of High-Speed Transport Protocols
- Compressing Packets Adaptively Inside Networks
- Stream Mining for Network Management(Network Management/Operation)
- Analysis of Two-Phase Path Management Scheme for MPLS Traffic Engineering
- Locating Congested Segments over the Internet Based on Multiple End-to-End Path Measurements(Internet Technology VI)
- Statistical Properties of Time-Periodic Packet Sampling and Their Application to Anomalous Traffic Detection (Traffic Measurement)
- Virtual Single Network Path by Integrating Multiple and Heterogeneous Challenged Networks
- Splitting TCP Connections Adaptively Inside Networks
- Unsupervised Ensemble Anomaly Detection Using Time-Periodic Packet Sampling
- Node Degree Based Routing Metric for Traffic Load Distribution in the Internet
- A Design and Prototyping of In-Network Processing Platform to Enable Adaptive Network Services