
A Cooperative Abnormal Behavior Detection Framework Based on Big Data Analytics

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 727)

Abstract

As cyber attacks grow in volume and complexity, it becomes increasingly difficult for existing analytical tools to detect previously unseen malware. This paper proposes a cooperative framework that combines the robustness of big data analytics with the power of ensemble learning techniques to detect abnormal behavior. In addition to this proposal, we implement a large-scale network abnormal traffic behavior detection system based on the framework. The proposed model detects abnormal behavior in large-scale network traffic data using a combination of a balanced decomposition algorithm and an ensemble SVM. First, the collected dataset is divided into k subsets based on the similarity between patterns using a parallel MapReduce k-means algorithm. Then, patterns are randomly selected from each cluster to form balanced training sub-datasets. Next, the subsets are fed into the mappers, each of which builds an SVM model. The ensemble is constructed in the reduce phase. The proposed structure approaches a high accuracy as the number of iterations increases. Experimental results show a promising improvement in detection rate and false alarm rate compared with other existing models.
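The pipeline the abstract sketches (k-means decomposition, balanced sampling from each cluster, one SVM per mapper, ensembling in the reducer) can be illustrated end to end in a few dozen lines. The following is an added example written for this page, not the authors' implementation: the map and reduce phases are simulated with plain function calls in one process, the per-mapper SVM is a linear model fitted by hinge-loss SGD rather than a full kernel SVM, and the traffic "patterns" are constructed 2-D feature vectors with an imbalanced normal/abnormal split. All of those are assumptions about how the described steps translate into code.

```python
# Added example (not the paper's code): single-process simulation of the
# balanced-decomposition + ensemble-SVM pipeline described in the abstract.
# Assumptions: map/reduce phases are plain function calls, the SVM is a
# hinge-loss SGD linear model, and the traffic features are constructed.
import random


def dist2(p, q):
    """Squared Euclidean distance between two feature vectors."""
    return sum((a - b) ** 2 for a, b in zip(p, q))


def dot(w, x):
    return sum(a * b for a, b in zip(w, x))


def kmeans(points, k, iters=20, seed=0):
    """Lloyd's k-means (decomposition step): returns a cluster index per point."""
    rng = random.Random(seed)
    centers = [list(p) for p in rng.sample(points, k)]
    cluster_of = [0] * len(points)
    for _ in range(iters):
        for i, p in enumerate(points):
            cluster_of[i] = min(range(k), key=lambda c: dist2(p, centers[c]))
        for c in range(k):
            members = [p for p, l in zip(points, cluster_of) if l == c]
            if members:
                centers[c] = [sum(col) / len(members) for col in zip(*members)]
    return cluster_of


def balanced_subsets(cluster_of, k, n_subsets, per_cluster, seed=0):
    """Draw the same number of patterns from every cluster for each subset,
    so no single dense cluster dominates any mapper's training data."""
    rng = random.Random(seed)
    clusters = [[i for i, c in enumerate(cluster_of) if c == cid] for cid in range(k)]
    subsets = []
    for _ in range(n_subsets):
        idx = []
        for members in clusters:
            if members:
                idx.extend(rng.sample(members, min(per_cluster, len(members))))
        subsets.append(idx)
    return subsets


def train_linear_svm(X, y, epochs=100, eta=0.01, lam=0.001, seed=0):
    """Map phase: one linear SVM per subset, fitted by hinge-loss SGD.
    Labels are +1 (abnormal) / -1 (normal)."""
    rng = random.Random(seed)
    w = [0.0] * len(X[0])
    b = 0.0
    order = list(range(len(X)))
    for _ in range(epochs):
        rng.shuffle(order)
        for i in order:
            if y[i] * (dot(w, X[i]) + b) < 1.0:  # inside the margin: hinge update
                w = [(1 - eta * lam) * wj + eta * y[i] * xj for wj, xj in zip(w, X[i])]
                b += eta * y[i]
            else:  # correctly classified with margin: regularisation only
                w = [(1 - eta * lam) * wj for wj in w]
    return w, b


def ensemble_predict(models, x):
    """Reduce phase: majority vote over the per-mapper SVMs."""
    votes = sum(1 if dot(w, x) + b >= 0 else -1 for w, b in models)
    return 1 if votes >= 0 else -1


def make_traffic(seed=0):
    """Constructed, imbalanced sample: 200 normal flows around (0, 0) and
    20 abnormal flows around (3, 3) in a 2-D feature space."""
    rng = random.Random(seed)
    X, y = [], []
    for _ in range(200):
        X.append((rng.gauss(0, 0.5), rng.gauss(0, 0.5)))
        y.append(-1)
    for _ in range(20):
        X.append((rng.gauss(3, 0.5), rng.gauss(3, 0.5)))
        y.append(1)
    return X, y


def build_ensemble(X, y, k=2, n_subsets=5, per_cluster=15, seed=0):
    """Full pipeline: cluster, draw balanced subsets, train one SVM per subset."""
    cluster_of = kmeans(X, k, seed=seed)
    models = []
    for s, idx in enumerate(balanced_subsets(cluster_of, k, n_subsets, per_cluster, seed)):
        models.append(train_linear_svm([X[i] for i in idx], [y[i] for i in idx], seed=s))
    return models


def accuracy(models, X, y):
    return sum(ensemble_predict(models, x) == t for x, t in zip(X, y)) / len(X)


if __name__ == "__main__":
    X, y = make_traffic()
    models = build_ensemble(X, y)
    print("ensemble accuracy on the constructed sample:", accuracy(models, X, y))
```

The point of the balanced draw is visible in `balanced_subsets`: the abnormal cluster holds 20 patterns and the normal cluster 200, yet every mapper sees 15 of each, so the rare class is not swamped in any individual SVM. In a real deployment the k-means and the per-subset training would run as MapReduce jobs over far more than two features, and the vote in `ensemble_predict` would be the reducer.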



Acknowledgments

The National Natural Science Foundation of China under Grant Nos. 61370212, 61402127, 61502118; the Natural Science Foundation of Heilongjiang Province under Grant Nos. F2015029, F2016009; the Fundamental Research Fund for the Central Universities under Grant No. HEUCF100601.

Corresponding author

Correspondence to Naila Marir.


Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Marir, N., Wang, H. (2017). A Cooperative Abnormal Behavior Detection Framework Based on Big Data Analytics. In: Zou, B., Li, M., Wang, H., Song, X., Xie, W., Lu, Z. (eds) Data Science. ICPCSEE 2017. Communications in Computer and Information Science, vol 727. Springer, Singapore. https://doi.org/10.1007/978-981-10-6385-5_17

  • DOI: https://doi.org/10.1007/978-981-10-6385-5_17

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-6384-8

  • Online ISBN: 978-981-10-6385-5

  • eBook Packages: Computer Science, Computer Science (R0)
