  • DocumentCode
    2407759
  • Title
    A Novel PCA-Based Network Anomaly Detection
  • Author
    Callegari, Christian ; Gazzarrini, Loris ; Giordano, Stefano ; Pagano, Michele ; Pepe, Teresa
  • Author_Institution
    Dept. of Inf. Eng., Univ. of Pisa, Pisa, Italy
  • fYear
    2011
  • fDate
    5-9 June 2011
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    The increasing number of network attacks causes growing problems for network operators and users. Thus, detecting anomalous traffic is of primary interest in IP networks management. In this paper we address the problem considering a method based on PCA for detecting network anomalies. In more detail, we present a new technique that extends the state of the art in PCA-based anomaly detection. Indeed, by means of the Kullback-Leibler divergence we are able to obtain great improvements with respect to the performance of the "classical" approach. Moreover, we also introduce a method for identifying the flows responsible for an anomaly detected at the aggregated level. The performance analysis, presented in this paper, demonstrates the effectiveness of the proposed method.
  • Keywords
    IP networks; computer network security; principal component analysis; telecommunication traffic; IP networks management; Kullback-Leibler divergence; PCA-based network anomaly detection; anomalous traffic detection; network attacks; principal component analysis; Aggregates; Entropy; Histograms; IEEE Communications Society; IP networks; Principal component analysis; Yttrium;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications (ICC), 2011 IEEE International Conference on
  • Conference_Location
    Kyoto
  • ISSN
    1550-3607
  • Print_ISBN
    978-1-61284-232-5
  • Electronic_ISBN
    1550-3607
  • Type
    conf
  • DOI
    10.1109/icc.2011.5962595
  • Filename
    5962595