DocumentCode
2503815
Title
Anomaly detection in IP networks with principal component analysis
Author
Issariyapat, Chavee ; Fukuda, Kensuke
Author_Institution
Nat. Electron. & Comput. Technol. Center, Pathumthani, Thailand
fYear
2009
fDate
28-30 Sept. 2009
Firstpage
1229
Lastpage
1234
Abstract
In this paper, we study the application of PCA to IP network anomaly detection. The algorithm is based on detecting changes in traffic feature distribution aggregated by sample entropy. This method of detection was originally proposed to detect anomalous traffic on origin-destination flows in backbone networks. We have adjusted the algorithm so that it works with network traffic captured from a single network interface. This makes it possible to implement the algorithm in any IP network. The experimental result shows that our implementation can detect some types of known anomaly. As the algorithm is also able to detect unknown types of anomaly, it is also possible to implement it as a preliminary detection system.
Keywords
IP networks; entropy; principal component analysis; telecommunication security; telecommunication traffic; IP network anomaly detection; PCA technique; anomalous traffic feature distribution aggregation; experimental result; origin-destination flow; preliminary detection system; principal component analysis; sample entropy; single network interface; Computer networks; Electronic mail; IP networks; Informatics; Network interfaces; Predictive models; Principal component analysis; Signal processing algorithms; Telecommunication traffic; Traffic control;
fLanguage
English
Publisher
IEEE
Conference_Titel
Communications and Information Technology, 2009. ISCIT 2009. 9th International Symposium on
Conference_Location
Icheon
Print_ISBN
978-1-4244-4521-9
Electronic_ISBN
978-1-4244-4522-6
Type
conf
DOI
10.1109/ISCIT.2009.5341079
Filename
5341079