A unified approach to network anomaly detection

Tahereh Babaie, Sanjay Chawla, Sebastien Ardon, Yue Yu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

This paper presents a unified approach for the detection of network anomalies. Current state-of-the-art methods are often able to detect one class of anomalies at the cost of others. Our approach is based on using a Linear Dynamical System (LDS) to model network traffic. An LDS is equivalent to a Hidden Markov Model (HMM) for continuous-valued data and can be computed using incremental methods to manage high-throughput (volume) and velocity that characterize Big Data. Detailed experiments on synthetic and real network traces show a significant improvement in detection capability over competing approaches. In the process we also address the issue of robustness of network anomaly detection systems in a principled fashion.

Original language: English
Title of host publication: Proceedings - 2014 IEEE International Conference on Big Data, IEEE Big Data 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 650-655
Number of pages: 6
ISBN (Print): 9781479956654
DOIs: https://doi.org/10.1109/BigData.2014.7004288
Publication status: Published - 7 Jan 2015
Externally published: Yes
Event: 2nd IEEE International Conference on Big Data, IEEE Big Data 2014 - Washington
Duration: 27 Oct 2014 to 30 Oct 2014

Other

Other: 2nd IEEE International Conference on Big Data, IEEE Big Data 2014
City: Washington
Period: 27/10/14 to 30/10/14

Fingerprint

Dynamical systems
Hidden Markov models
Throughput
Experiments
Big data

ASJC Scopus subject areas

  • Artificial Intelligence
  • Information Systems

Cite this

Babaie, T., Chawla, S., Ardon, S., & Yu, Y. (2015). A unified approach to network anomaly detection. In Proceedings - 2014 IEEE International Conference on Big Data, IEEE Big Data 2014 (pp. 650-655). [7004288] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/BigData.2014.7004288

@inproceedings{6d033c2d05a54f948664a527ce97f912,
title = "A unified approach to network anomaly detection",
abstract = "This paper presents a unified approach for the detection of network anomalies. Current state-of-the-art methods are often able to detect one class of anomalies at the cost of others. Our approach is based on using a Linear Dynamical System (LDS) to model network traffic. An LDS is equivalent to a Hidden Markov Model (HMM) for continuous-valued data and can be computed using incremental methods to manage high-throughput (volume) and velocity that characterize Big Data. Detailed experiments on synthetic and real network traces show a significant improvement in detection capability over competing approaches. In the process we also address the issue of robustness of network anomaly detection systems in a principled fashion.",
author = "Tahereh Babaie and Sanjay Chawla and Sebastien Ardon and Yue Yu",
year = "2015",
month = "1",
day = "7",
doi = "10.1109/BigData.2014.7004288",
language = "English",
isbn = "9781479956654",
pages = "650--655",
booktitle = "Proceedings - 2014 IEEE International Conference on Big Data, IEEE Big Data 2014",
publisher = "Institute of Electrical and Electronics Engineers Inc."
}

TY - GEN
T1 - A unified approach to network anomaly detection
AU - Babaie, Tahereh
AU - Chawla, Sanjay
AU - Ardon, Sebastien
AU - Yu, Yue
PY - 2015/1/7
Y1 - 2015/1/7

N2 - This paper presents a unified approach for the detection of network anomalies. Current state-of-the-art methods are often able to detect one class of anomalies at the cost of others. Our approach is based on using a Linear Dynamical System (LDS) to model network traffic. An LDS is equivalent to a Hidden Markov Model (HMM) for continuous-valued data and can be computed using incremental methods to manage high-throughput (volume) and velocity that characterize Big Data. Detailed experiments on synthetic and real network traces show a significant improvement in detection capability over competing approaches. In the process we also address the issue of robustness of network anomaly detection systems in a principled fashion.

UR - http://www.scopus.com/inward/record.url?scp=84921714792&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84921714792&partnerID=8YFLogxK
U2 - 10.1109/BigData.2014.7004288
DO - 10.1109/BigData.2014.7004288
M3 - Conference contribution
SN - 9781479956654
SP - 650
EP - 655
BT - Proceedings - 2014 IEEE International Conference on Big Data, IEEE Big Data 2014
PB - Institute of Electrical and Electronics Engineers Inc.
ER -