Anomaly Detection System Using Beta Mixture Models and Outlier Detection

  • Nour Moustafa
  • Gideon Creech
  • Jill Slay
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 710)


An intrusion detection system (IDS) plays a significant role in recognising suspicious activities in hosts or networks, even though this system still has the challenge of producing high false positive rates with the degradation of its performance. This paper suggests a new beta mixture technique (BMM-ADS) using the principle of anomaly detection. This establishes a profile from the normal data and considers any deviation from this profile as an anomaly. The experimental outcomes show that the BMM-ADS technique provides a higher detection rate and lower false rate than three recent techniques on the UNSW-NB15 data set.


Intrusion detection system (IDS) Anomaly detection system (ADS) Beta mixture model (BMM) Outlier detection 


  1. 1.
    Ambusaidi, M.A., He, X., Nanda, P., Tan, Z.: Building an intrusion detection system using a filter-based feature selection algorithm. IEEE transactions on computers 65(10), 2986–2998 (2016)MathSciNetCrossRefGoogle Scholar
  2. 2.
    Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Network anomaly detection: methods, systems and tools. IEEE communications surveys & tutorials 16(1), 303–336 (2014)CrossRefGoogle Scholar
  3. 3.
    Creech, G., Hu, J.: A semantic approach to host-based intrusion detection systems using contiguousand discontiguous system call patterns. IEEE Transactions on Computers 63(4), 807–819 (2014)MathSciNetCrossRefGoogle Scholar
  4. 4.
    Escobar, M.D., West, M.: Bayesian density estimation and inference using mixtures. Journal of the american statistical association 90(430), 577–588 (1995)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Fan, W., Bouguila, N., Ziou, D.: Unsupervised anomaly intrusion detection via localized bayesian feature selection. In: Data Mining (ICDM), 2011 IEEE 11th International Conference on, pp. 1032–1037. IEEE (2011)Google Scholar
  6. 6.
    Fortunati, S., Gini, F., Greco, M.S., Farina, A., Graziano, A., Giompapa, S.: An improvement of the state-of-the-art covariance-based methods for statistical anomaly detection algorithms. Signal, Image and Video Processing 10(4), 687–694 (2016)CrossRefGoogle Scholar
  7. 7.
    Fung, C.J., Zhu, Q., Boutaba, R., Ba, T., et al.: Bayesian decision aggregation in collaborative intrusion detection networks. In: Network Operations and Management Symposium (NOMS), 2010 IEEE, pp. 349–356. IEEE (2010)Google Scholar
  8. 8.
    Gupta, A.K., Nadarajah, S.: Handbook of beta distribution and its applications. CRC press (2004)Google Scholar
  9. 9.
    Gyanchandani, M., Rana, J., Yadav, R.: Taxonomy of anomaly based intrusion detection system: a review. International Journal of Scientific and Research Publications 2(12), 1–13 (2012)CrossRefGoogle Scholar
  10. 10.
    Ma, Z., Leijon, A.: Beta mixture models and the application to image classification. In: Image Processing (ICIP), 2009 16th IEEE International Conference on, pp. 2045–2048. IEEE (2009)Google Scholar
  11. 11.
    Moustafa, N., Slay, J.: A hybrid feature selection for network intrusion detection systems: Central points (2015)Google Scholar
  12. 12.
    Moustafa, N., Slay, J.: The significant features of the unsw-nb15 and the kdd99 data sets for network intrusion detection systems. In: Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), 2015 4th International Workshop on, pp. 25–31. IEEE (2015)Google Scholar
  13. 13.
    Moustafa, N., Slay, J.: Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In: Military Communications and Information Systems Conference (MilCIS), 2015, pp. 1–6. IEEE (2015)Google Scholar
  14. 14.
    Moustafa, N., Slay, J.: The evaluation of network anomaly detection systems: Statistical analysis of the unsw-nb15 data set and the comparison with the kdd99 data set. Information Security Journal: A Global Perspective 25(1-3), 18–31 (2016)Google Scholar
  15. 15.
    Moustafa, N., Slay, J., Creech, G.: Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks. IEEE Transactions on Big Data PP(99), 1–1 (2017). 10.1109/TBDATA.2017.2715166Google Scholar
  16. 16.
    Pontarelli, S., Bianchi, G., Teofili, S.: Traffic-aware design of a high-speed fpga network intrusion detection system. IEEE Transactions on Computers 62(11), 2322–2334 (2013)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Rousseeuw, P.J., Hubert, M.: Robust statistics for outlier detection. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery 1(1), 73–79 (2011)Google Scholar
  18. 18.
    Saurabh, P., Verma, B.: An efficient proactive artificial immune system based anomaly detection and prevention system. Expert Systems with Applications 60, 311–320 (2016)CrossRefGoogle Scholar
  19. 19.
    Singh, K., Guntuku, S.C., Thakur, A., Hota, C.: Big data analytics framework for peer-to-peer botnet detection using random forests. Information Sciences 278, 488–497 (2014)CrossRefGoogle Scholar
  20. 20.
    Tan, Z., Jamdagni, A., He, X., Nanda, P., Liu, R.P.: A system for denial-of-service attack detection based on multivariate correlation analysis. IEEE transactions on parallel and distributed systems 25(2), 447–456 (2014)CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

  1. 1.The Australian Centre for Cyber SecurityUniversity of New South WalesCanberraAustralia

Personalised recommendations