Abstract
Monitoring Internet traffic in order to both dynamically tune network resources and ensure service continuity is a major challenge. Two main research issues characterize the analysis of the huge amount of data generated by Internet traffic: 1) learning an adaptive model of normal traffic that can be used to detect anomalies, and 2) the computational efficiency the learning algorithm needs in order to work properly on-line. In this chapter, we propose a methodology which returns a set of symbolic objects representing an adaptive model of ‘normal’ daily network traffic. The model can then be used to discover traffic anomalies of interest to the network administrator.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
Cite this chapter
Caruso, C., Malerba, D. (2007). Symbolic Analysis to Learn Evolving CyberTraffic. In: Brito, P., Cucumel, G., Bertrand, P., de Carvalho, F. (eds) Selected Contributions in Data Analysis and Classification. Studies in Classification, Data Analysis, and Knowledge Organization. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73560-1_3
DOI: https://doi.org/10.1007/978-3-540-73560-1_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73558-8
Online ISBN: 978-3-540-73560-1
eBook Packages: Mathematics and Statistics (R0)