Abstract
In recent years, abnormal activity on networks has increased, greatly threatening network security. Hence, it is of great importance to collect data that indicate the running state of the network and to identify network anomalies in time. In this paper, we propose a novel anomaly network traffic detection algorithm for the cloud computing environment. First, the framework of the anomaly network traffic detection system is illustrated, and six types of network traffic features are considered in this work: (1) number of source IP addresses, (2) number of source port numbers, (3) number of destination IP addresses, (4) number of destination port numbers, (5) number of packet types, and (6) number of network packets. Second, we propose a novel hybrid information entropy and SVM model to tackle the problem by normalizing the values of the network features and using an SVM to detect anomalous network behaviors. Finally, experimental results demonstrate that the proposed algorithm can detect anomalous network traffic with high accuracy and that it can also be used on large-scale datasets.
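The feature-extraction stage described in the abstract can be sketched as follows. This is an added example, not the paper's code: it assumes Shannon entropy of each header field per time window, normalized by the log of the window's packet count, and the field names and sample packets are constructed for illustration. The resulting vectors are what an SVM stage would be trained on; that stage is omitted here.

```python
import math
from collections import Counter

# Field names are assumptions; they mirror features (1)-(5) in the abstract.
FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port", "proto")

def normalized_entropy(values):
    """Shannon entropy of a field's values in one window, scaled to [0, 1].

    Dividing by log(N), N = packets in the window, makes windows of
    different sizes comparable: 0 = one value only, 1 = all values distinct.
    """
    counts = Counter(values)
    total = sum(counts.values())
    if len(counts) <= 1:
        return 0.0  # empty window or a single repeated value
    h = -sum((c / total) * math.log(c / total) for c in counts.values())
    return h / math.log(total)

def window_features(packets):
    """Feature vector for one window: five entropies plus feature (6), packet count."""
    vec = {f: normalized_entropy(p[f] for p in packets) for f in FIELDS}
    vec["packets"] = len(packets)
    return vec

def entropy_shift(baseline, window):
    """Per-field change in normalized entropy relative to a baseline window."""
    b, w = window_features(baseline), window_features(window)
    return {f: w[f] - b[f] for f in FIELDS}

# Constructed sample data (documentation address ranges), 16 packets per window.
# BASELINE: a few clients talking to a few servers on two ports.
BASELINE = [{"src_ip": f"10.0.0.{i % 4}", "src_port": 40000 + i,
             "dst_ip": f"192.0.2.{i % 3}", "dst_port": (80, 443)[i % 2],
             "proto": "udp" if i % 4 == 0 else "tcp"} for i in range(16)]
# SKEWED: many distinct sources converging on one destination and port.
SKEWED = [{"src_ip": f"198.51.100.{i}", "src_port": 1024 + i,
           "dst_ip": "192.0.2.1", "dst_port": 80, "proto": "tcp"}
          for i in range(16)]

if __name__ == "__main__":
    print(window_features(BASELINE))
    print(window_features(SKEWED))
    print(entropy_shift(BASELINE, SKEWED))
```

In the skewed window, source-address entropy rises to its maximum while destination-address and destination-port entropy collapse to zero, which is the kind of joint shift a classifier over these vectors can separate from the baseline.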
Acknowledgements
The authors are very thankful to the editors and anonymous reviewers for providing very thoughtful comments which have led to an improved version of this paper. This work was supported by the Natural Science Foundation of China (No. 61572033) and also supported by General program of humanistic and social science research in Anhui provincial higher education promotion plan (TSSK2016B27); 2017 General topic capital of online educational research fund by online education research center of Department of Education (2017YB101) and Key topics of national education information technology research (176120003).
Cite this article
Yang, C. Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment. Cluster Comput 22 (Suppl 4), 8309–8317 (2019). https://doi.org/10.1007/s10586-018-1755-5
DOI: https://doi.org/10.1007/s10586-018-1755-5