Network anomaly detection using a commute distance based approach

Nguyen Lu Dang Khoa, Tahereh Babaie, Sanjay Chawla, Zainab Zaidi

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

6 Citations (Scopus)

Abstract

We propose the use of commute distance, a random walk metric, to discover anomalies in network traffic data. The commute distance based anomaly detection approach has several advantages over Principal Component Analysis (PCA), which is the method of choice for this task: (i) it generalizes both distance and density based anomaly detection techniques, while PCA is primarily distance-based; (ii) it is agnostic about the underlying data distribution, while PCA is based on the assumption that data follows a Gaussian distribution; and (iii) it is more robust compared to PCA, i.e., a perturbation of the underlying data or changes in parameters used will have a less significant effect on its output than on that of PCA. Experiments and analysis on simulated and real datasets are used to validate our claims.

Original language: English
Title of host publication: Proceedings - IEEE International Conference on Data Mining, ICDM
Pages: 943-950
Number of pages: 8
DOIs: https://doi.org/10.1109/ICDMW.2010.90
Publication status: Published - 2010
Externally published: Yes
Event: 10th IEEE International Conference on Data Mining Workshops, ICDMW 2010 - Sydney, NSW, Australia
Duration: 14 Dec 2010 to 17 Dec 2010

Other

Other: 10th IEEE International Conference on Data Mining Workshops, ICDMW 2010
Country: Australia
City: Sydney, NSW
Period: 14/12/10 to 17/12/10

Fingerprint

Principal component analysis
Gaussian distribution
Experiments

Keywords

  • Commute distance based approach
  • Density-based approach
  • Distance-based approach
  • Network anomaly detection
  • Principal component analysis

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Khoa, N. L. D., Babaie, T., Chawla, S., & Zaidi, Z. (2010). Network anomaly detection using a commute distance based approach. In Proceedings - IEEE International Conference on Data Mining, ICDM (pp. 943-950). [5693397] https://doi.org/10.1109/ICDMW.2010.90

@inproceedings{937b5d4834fc42e7963220b6580c8675,
title = "Network anomaly detection using a commute distance based approach",
abstract = "We propose the use of commute distance, a random walk metric, to discover anomalies in network traffic data. The commute distance based anomaly detection approach has several advantages over Principal Component Analysis (PCA), which is the method of choice for this task: (i) It generalizes both distance and density based anomaly detection techniques while PCA is primarily distance-based (ii) It is agnostic about the underlying data distribution, while PCA is based on the assumption that data follows a Gaussian distribution and (iii) It is more robust compared to PCA, i.e., a perturbation of the underlying data or changes in parameters used will have a less significant effect on the output of it than PCA. Experiments and analysis on simulated and real datasets are used to validate our claims.",
keywords = "Commute distance based approach, Density-based approach, Distance-based approach, Network anomaly detection, Principal component analysis",
author = "Khoa, {Nguyen Lu Dang} and Tahereh Babaie and Sanjay Chawla and Zainab Zaidi",
year = "2010",
doi = "10.1109/ICDMW.2010.90",
language = "English",
isbn = "9780769542577",
pages = "943--950",
booktitle = "Proceedings - IEEE International Conference on Data Mining, ICDM",

}
