Abstract
To develop a network traffic anomaly detection technique and system, it is necessary to know the basic properties of network-wide traffic. This chapter starts with a discussion of those basic properties, illustrated with an example. It is organized into six major sections, each describing one category of network anomaly detection techniques and systems: statistical techniques and systems; classification-based techniques and systems; clustering and outlier-based techniques and systems; soft computing-based techniques and systems; knowledge-based techniques and systems; and techniques and systems based on combination learners. Finally, it presents the strengths and weaknesses of each category of detection techniques and systems with a detailed comparison.
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K. (2017). Network Traffic Anomaly Detection Techniques and Systems. In: Network Traffic Anomaly Detection and Prevention. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-65188-0_4
DOI: https://doi.org/10.1007/978-3-319-65188-0_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-65186-6
Online ISBN: 978-3-319-65188-0
eBook Packages: Computer Science (R0)