Title :
A unified approach to network anomaly detection
Author :
Babaie, Tahereh ; Chawla, Sanjay ; Ardon, Sebastien ; Yue Yu
Author_Institution :
Sch. of IT, Univ. of Sydney, Sydney, NSW, Australia
Abstract :
This paper presents a unified approach for the detection of network anomalies. Current state of the art methods are often able to detect one class of anomalies at the cost of others. Our approach is based on using a Linear Dynamical System (LDS) to model network traffic. An LDS is equivalent to Hidden Markov Model (HMM) for continuous-valued data and can be computed using incremental methods to manage high-throughput (volume) and velocity that characterizes Big Data. Detailed experiments on synthetic and real network traces shows a significant improvement in detection capability over competing approaches. In the process we also address the issue of robustness of network anomaly detection systems in a principled fashion.
Keywords :
Big Data; computer network security; hidden Markov models; Big Data; HMM; LDS; continuous-valued data; hidden Markov model; linear dynamical system; network anomaly detection; network traffic; Computer crime; Correlation; Hidden Markov models; IP networks; Kalman filters; Ports (Computers); Robustness;
Conference_Titel :
Big Data (Big Data), 2014 IEEE International Conference on
Conference_Location :
Washington, DC
DOI :
10.1109/BigData.2014.7004288
