Title :
A semi-supervised model for network traffic anomaly detection
Author :
Nguyen Ha Duong ; Hoang Dang Hai
Author_Institution :
Fac. of Inf. & Technol., Nat. Univ. of Civil Eng., Vietnam
Abstract :
Network traffic anomaly detection can help to early detect network attacks because hacker´s activities may result in unusual changes of network traffic, that are significant fluctuations compared to normal traffic of the network Among various anomaly detection approaches, principal component analysis (PCA) has been seen as an effective solution. Until now, PCA is basically applied to dimension reduction method. Several issues remain including: how effective can PCA be applied to semi-supervised models with a small training dataset, which components are significant for anomaly detection. This paper proposes a semi-supervised model using a modified Mahanalobis distance based on PCA for network traffic anomaly detection. We propose a K-means clustering method to build normal profile of traffic to improve the training dataset and propose to give weights to choose principal components of PCA.
Keywords :
principal component analysis; telecommunication security; telecommunication traffic; K-means clustering; hacker activities; modified Mahanalobis distance; network attacks; network traffic anomaly detection; principal component analysis; semisupervised model; small training dataset; Clustering algorithms; Correlation; Covariance matrices; Eigenvalues and eigenfunctions; Principal component analysis; Training; Training data; Network traffic anomaly; anomaly detection; intrusion detection; network security; semi-supervised model;
Conference_Titel :
Advanced Communication Technology (ICACT), 2015 17th International Conference on
Conference_Location :
Seoul
Print_ISBN :
978-8-9968-6504-9
DOI :
10.1109/ICACT.2015.7224759
