A semi-supervised model for network traffic anomaly detection

Bibliographic Details
Main Authors: Nguyen Ha Duong, Hoang Dang Hai
Format: Conference Proceeding
Language: English
Description
Summary: Network traffic anomaly detection can help to detect network attacks early because hackers' activities may result in unusual changes in network traffic, that is, significant fluctuations compared to the normal traffic of the network. Among various anomaly detection approaches, principal component analysis (PCA) has been seen as an effective solution. Until now, PCA has basically been applied as a dimension reduction method. Several issues remain, including how effectively PCA can be applied to semi-supervised models with a small training dataset and which components are significant for anomaly detection. This paper proposes a semi-supervised model using a modified Mahalanobis distance based on PCA for network traffic anomaly detection. We propose a K-means clustering method to build a normal profile of traffic to improve the training dataset, and propose to give weights to choose the principal components of PCA.
ISSN: 1738-9445
DOI: 10.1109/ICACT.2015.7224759