Title :
Neural network based anomaly detection
Author :
Callegari, Christian ; Giordano, Stefano ; Pagano, Michele
Author_Institution :
Dept. of Inf. Eng., Univ. of Pisa, Pisa, Italy
Abstract :
Detecting anomalous traffic with low false alarm rates is of primary interest in IP networks management. To this aim it is essential to distinguish between the natural variability of traffic due to its bursty nature and attack-related anomalous events. In this paper we investigate the applicability of neural networks for traffic prediction, focusing on the multilayer feedforward architecture and comparing the performance of different back-propagation algorithms. Prediction is carried out for different random aggregates (obtained through reversible sketches, introduced to improve the scalability of the solution) of traffic flows and, after comparing the prediction error with a threshold, a voting procedure is used to decide about the nature of the current data (with the additional possibility of identifying anomalous flows thanks to the features of reversible sketches). The performance analysis, presented in this paper, demonstrates the effectiveness of the proposed method (in terms of low false alarm rates and convergence speed) for an adequate choice of the learning algorithm.
Keywords :
IP networks; multilayer perceptrons; IP networks management; back-propagation algorithms; bursty nature; learning algorithm; multilayer feedforward architecture; neural network based anomaly detection; performance analysis; traffic prediction; voting procedure; Aggregates; Algorithm design and analysis; Biological neural networks; Convergence; Intrusion detection; Prediction algorithms; Anomaly Detection; Neural Network; Sketch;
Conference_Titel :
Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), 2014 IEEE 19th International Workshop on
Conference_Location :
Athens
DOI :
10.1109/CAMAD.2014.7033256
