A lightweight network anomaly detection technique
Abstract
While network anomaly detection is essential in network operations and management, performing the first line of detection against an exponentially growing volume of network traffic is becoming ever more challenging. In this paper, we develop a technique for the first line of online anomaly detection with two important considerations: (i) availability of traffic attributes during the monitoring time, and (ii) computational scalability for streaming data. The presented learning technique is lightweight and highly scalable thanks to an approximation based on grid partitioning of the given dimensional space. With the public traffic traces of KDD Cup 1999 and NSL-KDD, we show that our technique yields 98.5% and 83% detection accuracy, respectively, using only a couple of readily available traffic attributes that can be obtained without post-processing. Finally, the results are at least comparable with classical learning methods such as decision trees and random forests, while learning approximately two orders of magnitude faster.
- Authors:
- Kim, Jinoh; Yoo, Wucherl; Sim, Alex; Suh, Sang C.; Kim, Ikkyun
- Texas A & M Univ., Commerce, TX (United States)
- Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)
- Electronics and Telecommunications Research Inst. (ETRI), Daejeon (Korea, Republic of)
- Publication Date:
- March 13, 2017
- Research Org.:
- Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States); Electronics and Telecommunications Research Inst. (ETRI), Daejeon (Korea, Republic of)
- Sponsoring Org.:
- USDOE Office of Science (SC), Workforce Development for Teachers and Scientists (WDTS); USDOE Office of Science (SC), Advanced Scientific Computing Research (ASCR); Ministry of Science, ICT and Future Planning (MSIP) of Korea
- OSTI Identifier:
- 1379772
- Grant/Contract Number:
- AC02-05CH11231; B0101-15-1293
- Resource Type:
- Accepted Manuscript
- Journal Name:
- 2017 International Conference on Computing, Networking and Communications, ICNC 2017
- Additional Journal Information:
- Journal Name: 2017 International Conference on Computing, Networking and Communications, ICNC 2017
- Country of Publication:
- United States
- Language:
- English
- Subject:
- 97 MATHEMATICS AND COMPUTING; complexity theory; testing; conferences; learning systems; computer crime; partitioning algorithms; decision trees; telecommunication traffic; computer network security
Citation Formats
Kim, Jinoh, Yoo, Wucherl, Sim, Alex, Suh, Sang C., and Kim, Ikkyun. A lightweight network anomaly detection technique. United States: N. p., 2017. Web. doi:10.1109/ICCNC.2017.7876251.
Kim, Jinoh, Yoo, Wucherl, Sim, Alex, Suh, Sang C., & Kim, Ikkyun. A lightweight network anomaly detection technique. United States. https://doi.org/10.1109/ICCNC.2017.7876251
Kim, Jinoh, Yoo, Wucherl, Sim, Alex, Suh, Sang C., and Kim, Ikkyun. 2017. "A lightweight network anomaly detection technique". United States. https://doi.org/10.1109/ICCNC.2017.7876251. https://www.osti.gov/servlets/purl/1379772.
@article{osti_1379772,
  title = {A lightweight network anomaly detection technique},
  author = {Kim, Jinoh and Yoo, Wucherl and Sim, Alex and Suh, Sang C. and Kim, Ikkyun},
  abstractNote = {While network anomaly detection is essential in network operations and management, performing the first line of detection against an exponentially growing volume of network traffic is becoming ever more challenging. In this paper, we develop a technique for the first line of online anomaly detection with two important considerations: (i) availability of traffic attributes during the monitoring time, and (ii) computational scalability for streaming data. The presented learning technique is lightweight and highly scalable thanks to an approximation based on grid partitioning of the given dimensional space. With the public traffic traces of KDD Cup 1999 and NSL-KDD, we show that our technique yields 98.5% and 83% detection accuracy, respectively, using only a couple of readily available traffic attributes that can be obtained without post-processing. Finally, the results are at least comparable with classical learning methods such as decision trees and random forests, while learning approximately two orders of magnitude faster.},
  doi = {10.1109/ICCNC.2017.7876251},
  journal = {2017 International Conference on Computing, Networking and Communications, ICNC 2017},
  place = {United States},
  year = {2017},
  month = {mar},
  url = {https://www.osti.gov/servlets/purl/1379772}
}