Loading…
A semi-supervised model for network traffic anomaly detection
Network traffic anomaly detection can help to early detect network attacks because hacker's activities may result in unusual changes of network traffic, that are significant fluctuations compared to normal traffic of the network Among various anomaly detection approaches, principal component an...
Saved in:
Main Authors: | , |
---|---|
Format: | Conference Proceeding |
Language: | English |
Subjects: | |
Online Access: | Request full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | Network traffic anomaly detection can help to early detect network attacks because hacker's activities may result in unusual changes of network traffic, that are significant fluctuations compared to normal traffic of the network Among various anomaly detection approaches, principal component analysis (PCA) has been seen as an effective solution. Until now, PCA is basically applied to dimension reduction method. Several issues remain including: how effective can PCA be applied to semi-supervised models with a small training dataset, which components are significant for anomaly detection. This paper proposes a semi-supervised model using a modified Mahanalobis distance based on PCA for network traffic anomaly detection. We propose a K-means clustering method to build normal profile of traffic to improve the training dataset and propose to give weights to choose principal components of PCA. |
---|---|
ISSN: | 1738-9445 |
DOI: | 10.1109/ICACT.2015.7224759 |