
Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment

Cluster Computing

Abstract

In recent years, abnormal activities in networks have become more and more frequent, and they greatly threaten network security. Hence, it is of great importance to collect the data that indicate the running state of the network and to distinguish anomalous network phenomena in time. In this paper, we propose a novel anomaly network traffic detection algorithm for the cloud computing environment. Firstly, the framework of the anomaly network traffic detection system is illustrated, and six types of network traffic features are considered in this work, that is, (1) number of source IP addresses, (2) number of source port numbers, (3) number of destination IP addresses, (4) number of destination port numbers, (5) number of packet types, and (6) number of network packets. Secondly, we propose a novel hybrid information entropy and SVM model to tackle the proposed problem by normalizing the values of the network features and exploiting an SVM to detect anomalous network behaviors. Finally, experimental results demonstrate that the proposed algorithm can detect anomalous network traffic with high accuracy and that it can also be used on large-scale datasets.
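An added example, not code from the paper: it turns packets into the per-window feature vector an SVM stage would consume, using the six features listed in the abstract. The abstract gives no formulas, so the normalization (Shannon entropy divided by log2 of the packets in the window), the field names, the window length and the sample packets are all assumptions made here.

```python
import math
from collections import Counter

# Assumed field names for the five categorical features (not from the paper).
FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port", "proto")

def normalized_entropy(values):
    """Shannon entropy of the values, scaled to [0, 1] by log2(packet count).

    0.0: every packet carries the same value; 1.0: every packet differs.
    """
    counts = Counter(values)
    total = sum(counts.values())
    if len(counts) < 2:          # empty window or a single repeated value
        return 0.0
    h = -sum((c / total) * math.log2(c / total) for c in counts.values())
    return h / math.log2(total)

def window_features(packets, window_s=10):
    """Return {window_start: [5 normalized entropies..., packet_count]}."""
    buckets = {}
    for p in packets:
        start = int(p["ts"] // window_s) * window_s
        buckets.setdefault(start, []).append(p)
    out = {}
    for start, pkts in sorted(buckets.items()):
        vec = [round(normalized_entropy([p[f] for p in pkts]), 3) for f in FIELDS]
        out[start] = vec + [len(pkts)]
    return out

def constructed_sample():
    """Constructed packets: one ordinary window, one port-sweep-like window."""
    pkts = []
    # 0-9 s: four clients, two packets each, to a single HTTPS service.
    for i in range(8):
        pkts.append({"ts": i, "src_ip": f"10.0.0.{i % 4 + 1}", "src_port": 50000 + i,
                     "dst_ip": "10.0.1.10", "dst_port": 443, "proto": "tcp"})
    # 10-19 s: one source touching 16 different ports on the same host.
    for i in range(16):
        pkts.append({"ts": 10 + i * 0.5, "src_ip": "10.0.0.9", "src_port": 40000,
                     "dst_ip": "10.0.1.10", "dst_port": 1000 + i, "proto": "tcp"})
    return pkts

if __name__ == "__main__":
    for start, vec in window_features(constructed_sample()).items():
        print(start, vec)
```

In the second window the source-side entropies collapse to 0 while destination-port entropy rises to 1, which is the kind of shift in the feature vector a classifier trained on labelled windows can separate from ordinary traffic.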



Acknowledgements

The authors are very thankful to the editors and anonymous reviewers for providing very thoughtful comments which have led to an improved version of this paper. This work was supported by the Natural Science Foundation of China (No. 61572033) and also supported by General program of humanistic and social science research in Anhui provincial higher education promotion plan (TSSK2016B27); 2017 General topic capital of online educational research fund by online education research center of Department of Education (2017YB101) and Key topics of national education information technology research (176120003).

Corresponding author

Correspondence to Chen Yang.


Cite this article

Yang, C. Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment. Cluster Comput 22 (Suppl 4), 8309–8317 (2019). https://doi.org/10.1007/s10586-018-1755-5


  • DOI: https://doi.org/10.1007/s10586-018-1755-5
