Anomaly Internet Network Traffic Detection by Kernel Principle Component Classifier

  • Hanghang Tong
  • Chongrong Li
  • Jingrui He
  • Jiajian Chen
  • Quang-Anh Tran
  • Haixin Duan
  • Xing Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3498)

Abstract

As a crucial issue in computer network security, anomaly detection is receiving more and more attention from both applied and theoretical points of view. In this paper, a novel anomaly detection scheme is proposed. It can detect anomalous network traffic that either has an extremely large value on some original feature, by means of the major component, or does not follow the correlation structure of normal traffic, by means of the minor component. By introducing the kernel trick, the non-linearity of network traffic can be well addressed. To save processing time, a simplified version is also proposed, in which only the major component is adopted. Experimental results validate the effectiveness of the proposed scheme.
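The scheme the abstract describes, sketched as an added example (not the authors' code): kernel PCA is fitted on normal traffic only, and each new point gets one score from the major components and one from the minor components. The degree-2 polynomial kernel, the component counts `q` and `r`, the variance-normalised score, the Jacobi eigen-solver and the two-feature sample are all assumptions, since the abstract specifies none of them.

```python
import math

def kernel(a, b):
    # Assumed kernel (the abstract names none): inhomogeneous polynomial, degree 2.
    return (sum(x * y for x, y in zip(a, b)) + 1.0) ** 2

def jacobi_eigh(A, sweeps=30):
    """Eigenpairs of a small symmetric matrix via cyclic Jacobi rotations, largest first."""
    n = len(A)
    A, V = [row[:] for row in A], [[float(i == j) for j in range(n)] for i in range(n)]
    for _ in range(sweeps):
        for p in range(n):
            for q in range(p + 1, n):
                d = A[q][q] - A[p][p]
                t = 0.5 * math.atan2(2 * A[p][q] * math.copysign(1.0, d), abs(d))
                c, s = math.cos(t), math.sin(t)
                for M in (A, V):  # column rotation: M <- M J
                    for row in M:
                        row[p], row[q] = c * row[p] - s * row[q], s * row[p] + c * row[q]
                A[p], A[q] = ([c * x - s * y for x, y in zip(A[p], A[q])],  # rows: A <- J^T A
                              [s * x + c * y for x, y in zip(A[p], A[q])])
    return sorted(((A[i][i], [V[k][i] for k in range(n)]) for i in range(n)), reverse=True)

def fit(X, q=2, r=2, tol=1e-9):
    """Kernel PCA on normal traffic; keeps q major and r minor components (assumed counts)."""
    n = len(X)
    K = [[kernel(a, b) for b in X] for a in X]
    mean = [sum(row) / n for row in K]
    tot = sum(mean) / n
    Kc = [[K[i][j] - mean[i] - mean[j] + tot for j in range(n)] for i in range(n)]
    pairs = jacobi_eigh(Kc)
    pairs = [(lam, a) for lam, a in pairs if lam > tol * pairs[0][0]]  # drop null directions
    return X, mean, tot, pairs[:q], pairs[-r:]

def score(model, x):
    """Return (major, minor): sum of squared projections, each divided by its training variance."""
    X, mean, tot, major, minor = model
    n = len(X)
    k = [kernel(x, xi) for xi in X]
    km = sum(k) / n
    kc = [kj - km - m + tot for kj, m in zip(k, mean)]  # centre against the training set
    def part(pairs):
        return sum(n * sum(a * v for a, v in zip(al, kc)) ** 2 / lam ** 2 for lam, al in pairs)
    return part(major), part(minor)

# Constructed sample: two normalised traffic features that rise together in normal traffic.
NORMAL = [(0.05, 0.10), (0.12, 0.08), (0.20, 0.27), (0.28, 0.25), (0.35, 0.41), (0.44, 0.40),
          (0.52, 0.60), (0.60, 0.57), (0.68, 0.70), (0.77, 0.85), (0.85, 0.80), (0.95, 0.97)]
for probe in [(5.0, 5.0), (0.9, 0.1)]:  # extreme values; in-range but broken correlation
    print(probe, score(fit(NORMAL), probe))
```

With this normalisation a training point can never score above `len(NORMAL)` on either part, which gives a natural scale for choosing the two alert thresholds.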

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Hanghang Tong (1)
  • Chongrong Li (2)
  • Jingrui He (1)
  • Jiajian Chen (1)
  • Quang-Anh Tran (2)
  • Haixin Duan (2)
  • Xing Li (2)

  1. Department of Automation, Tsinghua University, Beijing, China
  2. Network Research Center of Tsinghua University, Beijing, China