• DocumentCode
    1791611
  • Title

    A unified approach to network anomaly detection

  • Author

    Babaie, Tahereh ; Chawla, Sanjay ; Ardon, Sebastien ; Yue Yu

  • Author_Institution
    Sch. of IT, Univ. of Sydney, Sydney, NSW, Australia
  • fYear
    2014
  • fDate
    27-30 Oct. 2014
  • Firstpage
    650
  • Lastpage
    655
  • Abstract
    This paper presents a unified approach for the detection of network anomalies. Current state-of-the-art methods are often able to detect one class of anomalies at the cost of others. Our approach is based on using a Linear Dynamical System (LDS) to model network traffic. An LDS is equivalent to a Hidden Markov Model (HMM) for continuous-valued data and can be computed using incremental methods to manage the high throughput (volume) and velocity that characterize Big Data. Detailed experiments on synthetic and real network traces show a significant improvement in detection capability over competing approaches. In the process we also address the issue of robustness of network anomaly detection systems in a principled fashion.
  • Keywords
    Big Data; computer network security; hidden Markov models; Big Data; HMM; LDS; continuous-valued data; hidden Markov model; linear dynamical system; network anomaly detection; network traffic; Computer crime; Correlation; Hidden Markov models; IP networks; Kalman filters; Ports (Computers); Robustness;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Big Data (Big Data), 2014 IEEE International Conference on
  • Conference_Location
    Washington, DC
  • Type

    conf

  • DOI
    10.1109/BigData.2014.7004288
  • Filename
    7004288