Bhuyan MH, Bhattacharyya DK, Kalita JK (2014) Network anomaly detection: methods, systems and tools. IEEE Commun Surv Tutorials 16(1):303–336. https://doi.org/10.1109/SURV.2013.052213.00046
Casas P, Mazel J, Owezarski P (2012) Unsupervised network intrusion detection systems: detecting the unknown without knowledge. Comput Commun 35(7):772–783. https://doi.org/10.1016/j.comcom.2012.01.016
Dainotti A, Pescapé A, Ventre G (2007) Worm traffic analysis and characterization. In: 2007 IEEE international conference on communications, pp 1435–1442. https://doi.org/10.1109/ICC.2007.241
Dainotti A, Pescapé A, Ventre G (2009) A cascade architecture for DoS attacks detection based on the wavelet transform. J Comput Secur 17(6):945–968
Finamore A, Mellia M, Meo M (2011) Mining unclassified traffic using automatic clustering techniques. Springer, Berlin/Heidelberg, pp 150–163. https://doi.org/10.1007/978-3-642-20305-3_13
García S, Grill M, Stiborek J, Zunino A (2014) An empirical comparison of botnet detection methods. Comput Secur 45:100–123. https://doi.org/10.1016/j.cose.2014.05.011
Haddadi F, Zincir-Heywood AN (2016) Benchmarking the effect of flow exporters and protocol filters on botnet traffic classification. IEEE Syst J 10:1390–1401. https://doi.org/10.1109/JSYST.2014.2364743
Ilgun K, Kemmerer RA, Porras PA (1995) State transition analysis: a rule-based intrusion detection approach. IEEE Trans Softw Eng 21(3):181–199. https://doi.org/10.1109/32.372146
Jiang S, Song X, Wang H, Han JJ, Li QH (2006) A clustering-based method for unsupervised intrusion detections. Pattern Recogn Lett 27(7):802–810. https://doi.org/10.1016/j.patrec.2005.11.007
Kayacik HG, Zincir-Heywood AN, Heywood MI (2007) A hierarchical SOM-based intrusion detection system. Eng Appl Artif Intell 20(4):439–451
Khanchi S, Heywood MI, Zincir-Heywood AN (2017) Properties of a GP active learning framework for streaming data with class imbalance. In: Proceedings of the genetic and evolutionary computation conference, pp 945–952. https://doi.org/10.1145/3071178.3071213
Kohonen T (2001) Self-organizing maps. Springer series in information sciences, vol 30, 3rd edn. Springer, Berlin/Heidelberg. https://doi.org/10.1007/978-3-642-56927-2
Laney D (2001) 3D data management: controlling data volume, velocity, and variety. Technical report, META Group
Le DC (2017) An unsupervised learning approach for network and system analysis. Master’s thesis, Dalhousie University
Le DC, Zincir-Heywood AN, Heywood MI (2016) Data analytics on network traffic flows for botnet behaviour detection. In: 2016 IEEE symposium series on computational intelligence (SSCI), pp 1–7. https://doi.org/10.1109/SSCI.2016.7850078
Leung K, Leckie C (2005) Unsupervised anomaly detection in network intrusion detection using clusters. In: Proceedings of the twenty-eighth Australasian conference on computer science, vol 38, pp 333–342
Otey ME, Ghoting A, Parthasarathy S (2006) Fast distributed outlier detection in mixed-attribute data sets. Data Min Knowl Discov 12(2–3):203–228. https://doi.org/10.1007/s10618-005-0014-6
Perdisci R, Gu G, Lee W (2006) Using an ensemble of one-class SVM classifiers to harden payload-based anomaly detection systems. In: Sixth international conference on data mining (ICDM’06), pp 488–498. https://doi.org/10.1109/ICDM.2006.165
Rajashekar D, Zincir-Heywood AN, Heywood MI (2016) Smart phone user behaviour characterization based on autoencoders and self organizing maps. In: ICDM workshop on data mining for cyber security, pp 319–326. https://doi.org/10.1109/ICDMW.2016.0052
Rashid T, Agrafiotis I, Nurse JR (2016) A new take on detecting insider threats: exploring the use of hidden Markov models. In: Proceedings of the 8th ACM CCS international workshop on managing insider security threats, pp 47–56. https://doi.org/10.1145/2995959.2995964
Sequeira K, Zaki M (2002) ADMIT: anomaly-based data mining for intrusions. In: Proceedings of the eighth ACM SIGKDD international conference on knowledge discovery and data mining, pp 386–395. https://doi.org/10.1145/775047.775103
Shabtai A, Kanonov U, Elovici Y (2010) Intrusion detection for mobile devices using the knowledge-based, temporal abstraction method. J Syst Softw 83(8):1524–1537. https://doi.org/10.1016/j.jss.2010.03.046
Sommer R, Paxson V (2010) Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE symposium on security and privacy, pp 305–316. https://doi.org/10.1109/SP.2010.25
Thottan M, Ji C (2003) Anomaly detection in IP networks. IEEE Trans Signal Process 51(8):2191–2204
Veeramachaneni K, Arnaldo I, Korrapati V, Bassias C, Li K (2016) AI^2: training a big data machine to defend. In: 2016 IEEE 2nd international conference on big data security on cloud (BigDataSecurity). IEEE, pp 49–54. https://doi.org/10.1109/BigDataSecurity-HPSC-IDS.2016.79