 Collective Anomaly Detection Techniques for Network Traffic AnalysisMohiuddin Ahmed ()
Annals of Data Science, 2018, vol. 5, issue 4, No 1, 497-512 Abstract: Abstract In certain cyber-attack scenarios, such as flooding denial of service attacks, the data distribution changes significantly. This forms a collective anomaly, where some similar kinds of normal data instances appear in abnormally large numbers. Since they are not rare anomalies, existing anomaly detection techniques cannot properly identify them. This paper investigates detecting this behaviour using the existing clustering and co-clustering based techniques and utilizes the network traffic modelling technique via Hurst parameter to propose a more effective algorithm combining clustering and Hurst parameter. Experimental analysis reflects that the proposed Hurst parameter-based technique outperforms existing collective and rare anomaly detection techniques in terms of detection accuracy and false positive rates. The experimental results are based on benchmark datasets such as KDD Cup 1999 and UNSW-NB15 datasets. Keywords: Collective anomaly; Hurst parameter; Clustering; Denial of service; Cyber attack (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:spr:aodasc:v:5:y:2018:i:4:d:10.1007_s40745-018-0149-0 Ordering information: This journal article can be ordered from DOI: 10.1007/s40745-018-0149-0 Access Statistics for this article Annals of Data Science is currently edited by Yong Shi More articles in Annals of Data Science from Springer |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.