DocumentCode :
2193560
Title :
Network Anomaly Detection Using a Commute Distance Based Approach
Author :
Khoa, Nguyen Lu Dang ; Babaie, Tahereh ; Chawla, Sanjay ; Zaidi, Zainab
Author_Institution :
Sch. of Inf. Technol., Univ. of Sydney, Sydney, NSW, Australia
fYear :
2010
fDate :
13-13 Dec. 2010
Firstpage :
943
Lastpage :
950
Abstract :
We propose the use of commute distance, a random walk metric, to discover anomalies in network traffic data. The commute distance based anomaly detection approach has several advantages over Principal Component Analysis (PCA), which is the method of choice for this task: (i) it generalizes both distance and density based anomaly detection techniques, while PCA is primarily distance-based; (ii) it is agnostic about the underlying data distribution, while PCA is based on the assumption that data follows a Gaussian distribution; and (iii) it is more robust than PCA, i.e., a perturbation of the underlying data or changes in the parameters used will have a less significant effect on its output than on that of PCA. Experiments and analysis on simulated and real datasets are used to validate our claims.
Keywords :
Gaussian distribution; computer network security; data mining; principal component analysis; random processes; commute distance; network anomaly detection; network traffic data; random walk metric; commute distance based approach; density-based approach; distance-based approach
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Data Mining Workshops (ICDMW), 2010 IEEE International Conference on
Conference_Location :
Sydney, NSW
Print_ISBN :
978-1-4244-9244-2
Electronic_ISBN :
978-0-7695-4257-7
Type :
conf
DOI :
10.1109/ICDMW.2010.90
Filename :
5693397