To see the other types of publications on this topic, follow the link: Network anomally.
Journal articles on the topic 'Network anomally'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Network anomally.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
García González, Gastón, Pedro Casas, Alicia Fernández, and Gabriel Gómez. "On the Usage of Generative Models for Network Anomaly Detection in Multivariate Time-Series." ACM SIGMETRICS Performance Evaluation Review 48, no. 4 (2021): 49–52. http://dx.doi.org/10.1145/3466826.3466843.
Full textAbstract:
Despite the many attempts and approaches for anomaly de- tection explored over the years, the automatic detection of rare events in data communication networks remains a com- plex problem. In this paper we introduce Net-GAN, a novel approach to network anomaly detection in time-series, us- ing recurrent neural networks (RNNs) and generative ad- versarial networks (GAN). Different from the state of the art, which traditionally focuses on univariate measurements, Net-GAN detects anomalies in multivariate time-series, ex- ploiting temporal dependencies through RNNs. Net-GAN discovers the underlying distribution of the baseline, multi- variate data, without making any assumptions on its nature, offering a powerful approach to detect anomalies in com- plex, difficult to model network monitoring data. We further exploit the concepts behind generative models to conceive Net-VAE, a complementary approach to Net-GAN for net- work anomaly detection, based on variational auto-encoders (VAE). We evaluate Net-GAN and Net-VAE in different monitoring scenarios, including anomaly detection in IoT sensor data, and intrusion detection in network measure- ments. Generative models represent a promising approach for network anomaly detection, especially when considering the complexity and ever-growing number of time-series to monitor in operational networks.
2
Dymora, Paweł, Miroslaw Mazurek, and Sławomir Jaskółka. "VoIP Anomaly Detection - selected methods of statistical analysis." Annales Universitatis Mariae Curie-Sklodowska, sectio AI – Informatica 16, no. 2 (2017): 14. http://dx.doi.org/10.17951/ai.2016.16.2.14.
Full textAbstract:
<p>Self-similarity analysis and anomaly detection in networks are interesting fields of research and scientific work of scientists around the world. Simulation studies have demonstrated that the Hurst parameter estimation can be used to detect traffic anomaly. The actual network traffic is self-similar or long-range dependent. The dramatic expansion of applications on modern networks gives rise to a fundamental challenge to network security. The Hurst values are compared with confidence intervals of normal values to detect anomaly in VoIP.</p>
3
Patel, Darsh, Kathiravan Srinivasan, Chuan-Yu Chang, Takshi Gupta, and Aman Kataria. "Network Anomaly Detection inside Consumer Networks—A Hybrid Approach." Electronics 9, no. 6 (2020): 923. http://dx.doi.org/10.3390/electronics9060923.
Full textAbstract:
With an increasing number of Internet of Things (IoT) devices in the digital world, the attack surface for consumer networks has been increasing exponentially. Most of the compromised devices are used as zombies for attacks such as Distributed Denial of Services (DDoS). Consumer networks, unlike most commercial networks, lack the infrastructure such as managed switches and firewalls to easily monitor and block undesired network traffic. To counter such a problem with limited resources, this article proposes a hybrid anomaly detection approach that detects irregularities in the network traffic implicating compromised devices by using only elementary network information like Packet Size, Source, and Destination Ports, Time between subsequent packets, Transmission Control Protocol (TCP) Flags, etc. Essential features can be extracted from the available data, which can further be used to detect zero-day attacks. The paper also provides the taxonomy of various approaches to classify anomalies and description on capturing network packets inside consumer networks.
4
Lalitha, K. V., and V. R. Josna. "Traffic Verification for Network Anomaly Detection in Sensor Networks." Procedia Technology 24 (2016): 1400–1405. http://dx.doi.org/10.1016/j.protcy.2016.05.161.
Full text
5
Naseer, Sheraz, Yasir Saleem, Shehzad Khalid, et al. "Enhanced Network Anomaly Detection Based on Deep Neural Networks." IEEE Access 6 (2018): 48231–46. http://dx.doi.org/10.1109/access.2018.2863036.
Full text
6
Zhang, Huajie, Sen Zhang, and Marlia Mohd Hanafiah. "Localization and recognition algorithm for fuzzy anomaly data in big data networks." Open Physics 16, no. 1 (2018): 1076–84. http://dx.doi.org/10.1515/phys-2018-0128.
Full textAbstract:
Abstract In order to accurately detect the fuzzy anomaly data existing in big data networks, it is necessary to study the localization and recognition algorithm. The current algorithms have problems related to poor noise reduction, low recognition efficiency, high energy consumption and low accuracy. A novel localization and recognition algorithm for fuzzy anomaly data in big data networks is proposed. The multi-wavelet denoising method is used to remove the noise signals existing in the network. The k-means algorithm is utilized for network clustering, and the association mode between nodes and the unitary linearity regression model is adopted to eliminate spatially and temporally redundant data that exist in big data networks. The similarity anomaly detection method based on multi-feature aggregation identifies fuzzy anomaly data existing in big data networks, establishes an anomaly data localization model, and completes the localization and recognition of fuzzy anomaly data. Experimental results show that the proposed method has good noise reduction, high recognition efficiency, low energy consumption and high accuracy of localization and recognition.
7
Das, Krishna, and Smriti Kumar Sinha. "Centrality measure based approach for detection of malicious nodes in twitter social network." International Journal of Engineering & Technology 7, no. 4.5 (2018): 518. http://dx.doi.org/10.14419/ijet.v7i4.5.21147.
Full textAbstract:
In this short paper, network structural measure called centrality measure based mathematical approach is used for detection of malicious nodes in twitter social network. One of the objectives in analysing social networks is to detect malicious nodes which show anomaly behaviours in social networks. There are different approaches for anomaly detection in social networks such as opinion mining methods, behavioural methods, network structural approach etc. Centrality measure, a graph theoretical method related to social network structure, can be used to categorize a node either as popular and influential or as non-influential and anomalous node. Using this approach, we have analyzed twitter social network to remove anomalous nodes from the nodes-edges twitter data set. Thus removal of these kinds of nodes which are not important for information diffusion in the social network, makes the social network clean & speedy in fast information propagation.
8
Naseer, Sheraz, Rao Faizan Ali, P. D. D. Dominic, and Yasir Saleem. "Learning Representations of Network Traffic Using Deep Neural Networks for Network Anomaly Detection: A Perspective towards Oil and Gas IT Infrastructures." Symmetry 12, no. 11 (2020): 1882. http://dx.doi.org/10.3390/sym12111882.
Full textAbstract:
Oil and Gas organizations are dependent on their IT infrastructure, which is a small part of their industrial automation infrastructure, to function effectively. The oil and gas (O&G) organizations industrial automation infrastructure landscape is complex. To perform focused and effective studies, Industrial systems infrastructure is divided into functional levels by The Instrumentation, Systems and Automation Society (ISA) Standard ANSI/ISA-95:2005. This research focuses on the ISA-95:2005 level-4 IT infrastructure to address network anomaly detection problem for ensuring the security and reliability of Oil and Gas resource planning, process planning and operations management. Anomaly detectors try to recognize patterns of anomalous behaviors from network traffic and their performance is heavily dependent on extraction time and quality of network traffic features or representations used to train the detector. Creating efficient representations from large volumes of network traffic to develop anomaly detection models is a time and resource intensive task. In this study we propose, implement and evaluate use of Deep learning to learn effective Network data representations from raw network traffic to develop data driven anomaly detection systems. Proposed methodology provides an automated and cost effective replacement of feature extraction which is otherwise a time and resource intensive task for developing data driven anomaly detectors. The ISCX-2012 dataset is used to represent ISA-95 level-4 network traffic because the O&G network traffic at this level is not much different than normal internet traffic. We trained four representation learning models using popular deep neural network architectures to extract deep representations from ISCX 2012 traffic flows. A total of sixty anomaly detectors were trained by authors using twelve conventional Machine Learning algorithms to compare the performance of aforementioned deep representations with that of a human-engineered handcrafted network data representation. The comparisons were performed using well known model evaluation parameters. Results showed that deep representations are a promising feature in engineering replacement to develop anomaly detection models for IT infrastructure security. In our future research, we intend to investigate the effectiveness of deep representations, extracted using ISA-95:2005 Level 2-3 traffic comprising of SCADA systems, for anomaly detection in critical O&G systems.
9
López-Vizcaíno, Manuel, Carlos Dafonte, Francisco Nóvoa, Daniel Garabato, and M. Álvarez. "Network Data Unsupervised Clustering to Anomaly Detection." Proceedings 2, no. 18 (2018): 1173. http://dx.doi.org/10.3390/proceedings2181173.
Full textAbstract:
In these days, organizations rely on the availability and security of their communication networks to perform daily operations. As a result, network data must be analyzed in order to provide an adequate level of security and to detect anomalies or malfunctions in the systems. Due to the increase of devices connected to these networks, the complexity to analyze data related to its communications also grows. We propose a method, based on Self-Organized Maps, which combine numerical and categorical features, to ease communication network data analysis. Also, we have explored the possibility of using different sources of data.
10
Prabhakar, T. S., and M. N. Veena. "Review on Anomaly Detection in Mobile Networks Using Traditional Learning, Machine Learning and Deep Learning." Journal of Computational and Theoretical Nanoscience 17, no. 11 (2020): 4789–96. http://dx.doi.org/10.1166/jctn.2020.9054.
Full textAbstract:
Increasing usage of smart phones involves in the developing large amount of data and high speed internet is used for transfers this large amount of data. This in-turn gives rise to the development of various attacks to hack the data. Anomaly detection in the network analyzes the pattern in the network activity and found the abnormality in the network. The accurate detection of abnormality in network helps to prevent the attackers to steal the data. Many researches were conducted to improve the performance of anomaly detection in the mobile networks. Traditional methods results for performance of anomaly detection are not much effective. Machine learning techniques are used for the anomaly detection to increase the performance. The deep learning techniques are applied to increase the detection rate and decrease the false positive. Both the techniques machine learning uses k-means and Deep learning uses Artificial Neural Network method provides the considerable performance in anomaly detection.
11
Kabore, Raogo, Hyacinthe Kouassi Konan, Adlès Kouassi, Yvon Kermarrec, Philippe Lenca, and Olivier Asseu. "HYBRID DEEP NEURAL NETWORK ANOMALY DETECTION SYSTEM FOR SCADA NETWORKS." Far East Journal of Mathematical Sciences (FJMS) 128, no. 2 (2021): 141–91. http://dx.doi.org/10.17654/ms128020141.
Full text
12
Gao, Minghui, Li Ma, Heng Liu, Zhijun Zhang, Zhiyan Ning, and Jian Xu. "Malicious Network Traffic Detection Based on Deep Neural Networks and Association Analysis." Sensors 20, no. 5 (2020): 1452. http://dx.doi.org/10.3390/s20051452.
Full textAbstract:
Anomaly detection systems can accurately identify malicious network traffic, providing network security. With the development of internet technology, network attacks are becoming more and more sourced and complicated, making it difficult for traditional anomaly detection systems to effectively analyze and identify abnormal traffic. At present, deep neural network (DNN) technology achieved great results in terms of anomaly detection, and it can achieve automatic detection. However, there still exists misclassified traffic in the prediction results of deep neural networks, resulting in redundant alarm information. This paper designs a two-level anomaly detection system based on deep neural network and association analysis. We made a comprehensive evaluation of experiments using DNNs and other neural networks based on publicly available datasets. Through the experiments, we chose DNN-4 as an important part of our system, which has high precision and accuracy in identifying malicious traffic. The Apriori algorithm can mine rules between various discretized features and normal labels, which can be used to filter the classified traffic and reduce the false positive rate. Finally, we designed an intrusion detection system based on DNN-4 and association rules. We conducted experiments on the public training set NSL-KDD, which is considered as a modified dataset for the KDDCup 1999. The results show that our detection system has great precision in malicious traffic detection, and it achieves the effect of reducing the number of false alarms.
13
BEN-OTHMAN, JALEL, LYNDA MOKDAD, and SOUHEILA BOUAM. "AMCLM: ADAPTIVE MULTI-SERVICES CROSS-LAYER MAC PROTOCOL FOR IEEE 802.11 NETWORKS." Journal of Interconnection Networks 10, no. 04 (2009): 283–301. http://dx.doi.org/10.1142/s0219265909002583.
Full textAbstract:
In wireless networks, the radio link vulnerability attributed to effects such as noise, interference, free-space loss, shadowing and multipath fading, must be considered. MAC protocols developed for these networks do not take into account these perturbations. It was shown, in the literature, that 802.11 suffers from what is called 'the 802.11 anomaly'. This anomaly concerns two aspects: all nodes throughput, in a 802.11 network, falls to the worst one of all nodes and the bandwidth will be divided by the number of the mobile nodes of the network. In order to improve the quality of service of a BSS (Basic Service Set) and to solve 802.11 anomaly, Cross-layer approaches are developed. These approaches are especially based on information given by the Physical layer. In this study we propose a new cross-layer scheme: AMCLM (Adaptive Multi-services Cross-Layer MAC). The goal of this protocol is to improve the Quality-of-Service (QoS) of Mobile Nodes (MNs) connected in a BSS by a temporary disassociation of the ones for which the SNR (Signal to Noise Ratio) is under a defined threshold. In this way, the network's throughput is improved. Our approach aims to improve global networks QoS by unselfishness decisions of nodes. In order to show the benefit of our method, a performance evaluation of this protocol has been made. We have built the discrete Markov Chain associated to the behavior of AMCLM protocol to analyze the throughput of mobile nodes connected to the BSS.
14
Tao, Xiaoling, Yang Peng, Feng Zhao, Peichao Zhao, and Yong Wang. "A parallel algorithm for network traffic anomaly detection based on Isolation Forest." International Journal of Distributed Sensor Networks 14, no. 11 (2018): 155014771881447. http://dx.doi.org/10.1177/1550147718814471.
Full textAbstract:
With the rapid development of large-scale complex networks and proliferation of various social network applications, the amount of network traffic data generated is increasing tremendously, and efficient anomaly detection on those massive network traffic data is crucial to many network applications, such as malware detection, load balancing, network intrusion detection. Although there are many methods around for network traffic anomaly detection, they are all designed for single machine, failing to deal with the case that the network traffic data are so large that it is prohibitive for a single computer to store and process the data. To solve these problems, we propose a parallel algorithm based on Isolation Forest and Spark for network traffic anomaly detection. We combine the advantages of Isolation Forest algorithm in network traffic anomaly detection and big data processing capability of Spark technology. Meanwhile, we apply the idea of parallelization to the process of modeling and evaluation. In the calculation process, by assigning tasks to multiple compute nodes, Isolation Forest and Spark can efficiently perform anomaly detection and evaluation process. By this way, we can also solve the problem of computation bottleneck on single machine. Extensive experiments on real world datasets show that our Isolation Forest and Spark is efficient and scales well for anomaly detection on large network traffic data.
15
Nakkeeran, R., T. Aruldoss Albert, and R. Ezumalai. "Agent Based Efficient Anomaly Intrusion Detection System in Adhoc networks." International Journal of Engineering and Technology 2, no. 1 (2010): 52–56. http://dx.doi.org/10.7763/ijet.2010.v2.99.
Full text
16
Allahdadi, Anisa, Ricardo Morla, and Jaime S. Cardoso. "802.11 wireless simulation and anomaly detection using HMM and UBM." SIMULATION 96, no. 12 (2020): 939–56. http://dx.doi.org/10.1177/0037549720958480.
Full textAbstract:
Despite the growing popularity of 802.11 wireless networks, users often suffer from connectivity problems and performance issues due to unstable radio conditions and dynamic user behavior, among other reasons. Anomaly detection and distinction are in the thick of major challenges that network managers encounter. The difficulty of monitoring broad and complex Wireless Local Area Networks, that often requires heavy instrumentation of the user devices, makes anomaly detection analysis even harder. In this paper we exploit 802.11 access point usage data and propose an anomaly detection technique based on Hidden Markov Model (HMM) and Universal Background Model (UBM) on data that is inexpensive to obtain. We then generate a number of network anomalous scenarios in OMNeT++/INET network simulator and compare the detection outcomes with those in baseline approaches—RawData and Principal Component Analysis. The experimental results show the superiority of HMM and HMM-UBM models in detection precision and sensitivity.
17
Ali, Wasim Ahmed, Manasa K. N, Mohammed Aljunid, Malika Bendechache, and P. Sandhya. "Review of Current Machine Learning Approaches for Anomaly Detection in Network Traffic." Journal of Telecommunications and the Digital Economy 8, no. 4 (2020): 64–95. http://dx.doi.org/10.18080/jtde.v8n4.307.
Full textAbstract:
Due to the advance in network technologies, the number of network users is growing rapidly, which leads to the generation of large network traffic data. This large network traffic data is prone to attacks and intrusions. Therefore, the network needs to be secured and protected by detecting anomalies as well as to prevent intrusions into networks. Network security has gained attention from researchers and network laboratories. In this paper, a comprehensive survey was completed to give a broad perspective of what recently has been done in the area of anomaly detection. Newly published studies in the last five years have been investigated to explore modern techniques with future opportunities. In this regard, the related literature on anomaly detection systems in network traffic has been discussed, with a variety of typical applications such as WSNs, IoT, high-performance computing, industrial control systems (ICS), and software-defined network (SDN) environments. Finally, we underlined diverse open issues to improve the detection of anomaly systems.
18
Maulana, Asep, and Martin Atzmueller. "Many-Objective Optimization for Anomaly Detection on Multi-Layer Complex Interaction Networks." Applied Sciences 11, no. 9 (2021): 4005. http://dx.doi.org/10.3390/app11094005.
Full textAbstract:
Anomaly detection in complex networks is an important and challenging task in many application domains. Examples include analysis and sensemaking in human interactions, e.g., in (social) interaction networks, as well as the analysis of the behavior of complex technical and cyber-physical systems such as suspicious transactions/behavior in financial or routing networks; here, behavior and/or interactions typically also occur on different levels and layers. In this paper, we focus on detecting anomalies in such complex networks. In particular, we focus on multi-layer complex networks, where we consider the problem of finding sets of anomalous nodes for group anomaly detection. Our presented method is based on centrality-based many-objective optimization on multi-layer networks. Starting from the Pareto Front obtained via many-objective optimization, we rank anomaly candidates using the centrality information on all layers. This ranking is formalized via a scoring function, which estimates relative deviations of the node centralities, considering the density of the network and its respective layers. In a human-centered approach, anomalous sets of nodes can then be identified. A key feature of this approach is its interpretability and explainability, since we can directly assess anomalous nodes in the context of the network topology. We evaluate the proposed method using different datasets, including both synthetic as well as real-world network data. Our results demonstrate the efficacy of the presented approach.
19
Fotiadou, Konstantina, Terpsichori-Helen Velivassaki, Artemis Voulkidis, Dimitrios Skias, Sofia Tsekeridou, and Theodore Zahariadis. "Network Traffic Anomaly Detection via Deep Learning." Information 12, no. 5 (2021): 215. http://dx.doi.org/10.3390/info12050215.
Full textAbstract:
Network intrusion detection is a key pillar towards the sustainability and normal operation of information systems. Complex threat patterns and malicious actors are able to cause severe damages to cyber-systems. In this work, we propose novel Deep Learning formulations for detecting threats and alerts on network logs that were acquired by pfSense, an open-source software that acts as firewall on FreeBSD operating system. pfSense integrates several powerful security services such as firewall, URL filtering, and virtual private networking among others. The main goal of this study is to analyse the logs that were acquired by a local installation of pfSense software, in order to provide a powerful and efficient solution that controls traffic flow based on patterns that are automatically learnt via the proposed, challenging DL architectures. For this purpose, we exploit the Convolutional Neural Networks (CNNs), and the Long Short Term Memory Networks (LSTMs) in order to construct robust multi-class classifiers, able to assign each new network log instance that reaches our system into its corresponding category. The performance of our scheme is evaluated by conducting several quantitative experiments, and by comparing to state-of-the-art formulations.
20
Yang, Qi, Xuan Zhang, Jingfeng Qian, and Qiang Ye. "An anomaly node detection method for distributed time synchronization algorithm in cognitive radio sensor networks." International Journal of Distributed Sensor Networks 14, no. 5 (2018): 155014771877446. http://dx.doi.org/10.1177/1550147718774467.
Full textAbstract:
In wireless sensor networks, time synchronization is an important issue for all nodes to have a unified time. The wireless sensor network nodes should cooperatively adjust their local time according to certain distributed synchronization algorithms to achieve global time synchronization. Conventionally, it is assumed that all nodes in the network are cooperative and well-functioned in the synchronization process. However, in cognitive radio wireless sensor networks, the global time synchronization process among secondary users is prone to fail because the communication process for exchanging synchronization reference may be frequently interrupted by the primary users. The anomaly nodes that failed to synchronize will significantly affect the global convergence performance of the synchronization algorithm. This article proposes an anomaly node detection method for distributed time synchronization algorithm in cognitive radio sensor networks. The proposed method adopts the statistical linear correlation analysis approach to detect anomaly nodes through the historical time synchronization information stored in local nodes. Simulation results show that the proposed method can effectively improve the robustness of the synchronization algorithm in distributed cognitive radio sensor networks.
21
Abuadlla, Yousef, Goran Kvascev, Slavko Gajin, and Zoran Jovanovic. "Flow-based anomaly intrusion detection system using two neural network stages." Computer Science and Information Systems 11, no. 2 (2014): 601–22. http://dx.doi.org/10.2298/csis130415035a.
Full textAbstract:
Computer systems and networks suffer due to rapid increase of attacks, and in order to keep them safe from malicious activities or policy violations, there is need for effective security monitoring systems, such as Intrusion Detection Systems (IDS). Many researchers concentrate their efforts on this area using different approaches to build reliable intrusion detection systems. Flow-based intrusion detection systems are one of these approaches that rely on aggregated flow statistics of network traffic. Their main advantages are host independence and usability on high speed networks, since the metrics may be collected by network device hardware or standalone probes. In this paper, an intrusion detection system using two neural network stages based on flow-data is proposed for detecting and classifying attacks in network traffic. The first stage detects significant changes in the traffic that could be a potential attack, while the second stage defines if there is a known attack and in that case classifies the type of attack. The first stage is crucial for selecting time windows where attacks, known or unknown, are more probable. Two different neural network structures have been used, multilayer and radial basis function networks, with the objective to compare performance, memory consumption and the time required for network training. The experimental results demonstrate that the designed models are promising in terms of accuracy and computational time, with low probability of false alarms.
22
Sun, Bo, Xuemei Shan, Kui Wu, and Yang Xiao. "Anomaly Detection Based Secure In-Network Aggregation for Wireless Sensor Networks." IEEE Systems Journal 7, no. 1 (2013): 13–25. http://dx.doi.org/10.1109/jsyst.2012.2223531.
Full text
23
Franke, Conny, Marcel Karnstedt, Daniel Klan, Michael Gertz, Kai-Uwe Sattler, and Elena Chervakova. "In-network detection of anomaly regions in sensor networks with obstacles." Computer Science - Research and Development 24, no. 3 (2009): 153–70. http://dx.doi.org/10.1007/s00450-009-0063-y.
Full text
24
Gutiérrez-Gómez, Leonardo, Alexandre Bovet, and Jean-Charles Delvenne. "Multi-Scale Anomaly Detection on Attributed Networks." Proceedings of the AAAI Conference on Artificial Intelligence 34, no. 01 (2020): 678–85. http://dx.doi.org/10.1609/aaai.v34i01.5409.
Full textAbstract:
Many social and economic systems can be represented as attributed networks encoding the relations between entities who are themselves described by different node attributes. Finding anomalies in these systems is crucial for detecting abuses such as credit card frauds, web spams or network intrusions. Intuitively, anomalous nodes are defined as nodes whose attributes differ starkly from the attributes of a certain set of nodes of reference, called the context of the anomaly. While some methods have proposed to spot anomalies locally, globally or within a community context, the problem remain challenging due to the multi-scale composition of real networks and the heterogeneity of node metadata. Here, we propose a principled way to uncover outlier nodes simultaneously with the context with respect to which they are anomalous, at all relevant scales of the network. We characterize anomalous nodes in terms of the concentration retained for each node after smoothing specific signals localized on the vertices of the graph. Besides, we introduce a graph signal processing formulation of the Markov stability framework used in community detection, in order to find the context of anomalies. The performance of our method is assessed on synthetic and real-world attributed networks and shows superior results concerning state of the art algorithms. Finally, we show the scalability of our approach in large networks employing Chebychev polynomial approximations.
25
Burgueño, Jesús, Isabel de-la-Bandera, Jessica Mendoza, David Palacios, Cesar Morillas, and Raquel Barco. "Online Anomaly Detection System for Mobile Networks." Sensors 20, no. 24 (2020): 7232. http://dx.doi.org/10.3390/s20247232.
Full textAbstract:
The arrival of the fifth generation (5G) standard has further accelerated the need for operators to improve the network capacity. With this purpose, mobile network topologies with smaller cells are currently being deployed to increase the frequency reuse. In this way, the number of nodes that collect performance data is being further risen, so the number of metrics to be managed and analyzed is being highly increased. Therefore, it is fundamental to have tools that automatically inform the network operator of the relevant information within the vast amount of metrics collected. The continuous monitoring of the performance indicators and the automatic detection of anomalies is especially important for network operators to prevent the network degradation and user complaints. Therefore, this paper proposes a methodology to detect and track anomalies in the mobile networks performance indicators online, i.e., in real time. The feasibility of this system was evaluated with several performance metrics and a real LTE Advanced dataset. In addition, it was also compared with the performances of other state-of-the-art anomaly detection systems.
26
Sun, Teng, Hui Tian, and Xuan Mei. "Anomaly detection and localization by diffusion wavelet-based analysis on traffic matrix." Computer Science and Information Systems 12, no. 4 (2015): 1361–74. http://dx.doi.org/10.2298/csis141001059s.
Full textAbstract:
Diffusion wavelets (DW) transform has been successfully used in Multi-Resolution Analysis (MRA) of traffic matrices because it inherently adapts to the structure of the underlying network. There are many potential applications based on DW analysis such as anomaly detection, routing optimization and capacity plan, which, however, have not been well developed. This paper shows how to apply two-dimensional DW transform in traffic matrix analysis and anomaly detection. The experimental results demonstrate the effectiveness of DW-based technique in traffic matrix analysis and anomaly detection in practical networks. It also shows this new technique is potential to be used in many other network applications.
27
Zhao, Chensu, Yang Xin, Xuefeng Li, Hongliang Zhu, Yixian Yang, and Yuling Chen. "An Attention-Based Graph Neural Network for Spam Bot Detection in Social Networks." Applied Sciences 10, no. 22 (2020): 8160. http://dx.doi.org/10.3390/app10228160.
Full textAbstract:
With the rapid development of social networks, spam bots and other anomaly accounts’ malicious behavior has become a critical information security problem threatening the social network platform. In order to reduce this threat, the existing research mainly uses feature-based detection or propagation-based detection, and it applies machine learning or graph mining algorithms to identify anomaly accounts in social networks. However, with the development of technology, spam bots are becoming more advanced, and identifying bots is still an open challenge. This paper proposes a new semi-supervised graph embedding model based on a graph attention network for spam bot detection in social networks. This approach constructs a detection model by aggregating features and neighbor relationships, and learns a complex method to integrate the different neighborhood relationships between nodes to operate the directed social graph. The new model can identify spam bots by capturing user features and two different relationships among users in social networks. We compare our method with other methods on real-world social network datasets, and the experimental results show that our proposed model achieves a significant and consistent improvement.
28
Shin, Mi Young, Deuk Jae Cho, Yun-Ja Yoo, Cheol-Ye Hong, and Sang-Hyun Park. "Anomaly Detection Technique of Satellite on Network RTK." Journal of Navigation and Port Research 37, no. 1 (2013): 41–48. http://dx.doi.org/10.5394/kinpr.2013.37.1.41.
Full text
29
Andrysiak, Tomasz, and Łukasz Saganowski. "Anomaly detection system based on sparse signal representation." Image Processing & Communications 16, no. 3-4 (2011): 37–44. http://dx.doi.org/10.2478/v10248-012-0010-6.
Full textAbstract:
Anomaly detection system based on sparse signal representationIn this paper we present further expansion of our matching pursuit methodology for anomaly detection in computer networks. In our previous work we proposed new signal based algorithm for intrusion detection systems based on anomaly detection approach on the basis of the Matching Pursuit algorithm. This time we present completely different approach to generating base functions (atoms) dictionary. We propose modification of K-SVD [1] algorithm in order to select atoms from real 1-D signal which represents network traffic features. Dictionary atoms selected in this way have the ability to approximate different 1-D signals representing network traffic features. Achieved dictionary was used to detect network anomalies on benchmark data sets. Results were compared to the dictionary based on analytical 1-D Gabor atoms.
30
Li, Ming, Dezhi Han, Xinming Yin, Han Liu, and Dun Li. "Design and Implementation of an Anomaly Network Traffic Detection Model Integrating Temporal and Spatial Features." Security and Communication Networks 2021 (August 21, 2021): 1–15. http://dx.doi.org/10.1155/2021/7045823.
Full textAbstract:
With the rapid development and widespread application of cloud computing, cloud computing open networks and service sharing scenarios have become more complex and changeable, causing security challenges to become more severe. As an effective means of network protection, anomaly network traffic detection can detect various known attacks. However, there are also some shortcomings. Deep learning brings a new opportunity for the further development of anomaly network traffic detection. So far, the existing deep learning models cannot fully learn the temporal and spatial features of network traffic and their classification accuracy needs to be improved. To fill this gap, this paper proposes an anomaly network traffic detection model integrating temporal and spatial features (ITSN) using a three-layer parallel network structure. ITSN learns the temporal and spatial features of the traffic and fully fuses these two features through feature fusion technology to improve the accuracy of network traffic classification. On this basis, an improved method of raw traffic feature extraction is proposed, which can reduce redundant features, speed up the convergence of the network, and ease the imbalance of the datasets. The experimental results on the ISCX-IDS 2012 and CICIDS 2017 datasets show that the ITSN can improve the accuracy of anomaly network traffic detection while enhancing the robustness of the detection system and has a higher recognition rate for positive samples.
31
Estévez-Pereira, Julio J., Diego Fernández, and Francisco J. Novoa. "Network Anomaly Detection Using Machine Learning Techniques." Proceedings 54, no. 1 (2020): 8. http://dx.doi.org/10.3390/proceedings2020054008.
Full textAbstract:
While traditional network security methods have been proven useful until now, the flexibility of machine learning techniques makes them a solid candidate in the current scene of our networks. In this paper, we assess how well the latter are capable of detecting security threats in a corporative network. To that end, we configure and compare several models to find the one which fits better with our needs. Furthermore, we distribute the computational load and storage so we can handle extensive volumes of data. The algorithms that we use to create our models, Random Forest, Naive Bayes, and Deep Neural Networks (DNN), are both divergent and tested in other papers in order to make our comparison richer. For the distribution phase, we operate with Apache Structured Streaming, PySpark, and MLlib. As for the results, it is relevant to mention that our dataset has been found to be effectively modelable with just a reduced number of features. Finally, given the outcomes obtained, we find this line of research encouraging and, therefore, this approach worth pursuing.
32
Zhou, Renjie, Xiao Wang, Jingjing Yang, Wei Zhang, and Sanyuan Zhang. "Characterizing Network Anomaly Traffic with Euclidean Distance-Based Multiscale Fuzzy Entropy." Security and Communication Networks 2021 (June 16, 2021): 1–9. http://dx.doi.org/10.1155/2021/5560185.
Full textAbstract:
The prosperity of mobile networks and social networks brings revolutionary conveniences to our daily lives. However, due to the complexity and fragility of the network environment, network attacks are becoming more and more serious. Characterization of network traffic is commonly used to model and detect network anomalies and finally to raise the cybersecurity awareness capability of network administrators. As a tool to characterize system running status, entropy-based time-series complexity measurement methods such as Multiscale Entropy (MSE), Composite Multiscale Entropy (CMSE), and Fuzzy Approximate Entropy (FuzzyEn) have been widely used in anomaly detection. However, the existing methods calculate the distance between vectors solely using the two most different elements of the two vectors. Furthermore, the similarity of vectors is calculated using the Heaviside function, which has a problem of bouncing between 0 and 1. The Euclidean Distance-Based Multiscale Fuzzy Entropy (EDM-Fuzzy) algorithm was proposed to avoid the two disadvantages and to measure entropy values of system signals more precisely, accurately, and stably. In this paper, the EDM-Fuzzy is applied to analyze the characteristics of abnormal network traffic such as botnet network traffic and Distributed Denial of Service (DDoS) attack traffic. The experimental analysis shows that the EDM-Fuzzy entropy technology is able to characterize the differences between normal traffic and abnormal traffic. The EDM-Fuzzy entropy characteristics of ARP traffic discovered in this paper can be used to detect various types of network traffic anomalies including botnet and DDoS attacks.
33
Veselý, A., and D. Brechlerová. "Neural networks in intrusion detection systems." Agricultural Economics (Zemědělská ekonomika) 50, No. 1 (2012): 35–40. http://dx.doi.org/10.17221/5164-agricecon.
Full textAbstract:
Security of an information system is its very important property, especially today, when computers are interconnected via internet. Because no system can be absolutely secure, the timely and accurate detection of intrusions is necessary. For this purpose, Intrusion Detection Systems (IDS) were designed. There are two basic models of IDS: misuse IDS and anomaly IDS. Misuse systems detect intrusions by looking for activity that corresponds to the known signatures of intrusions or vulnerabilities. Anomaly systems detect intrusions by searching for an abnormal system activity. Most IDS commercial tools are misuse systems with rule-based expert system structure. However, these techniques are less successful when attack characteristics vary from built-in signatures. Artificial neural networks offer the potential to resolve these problems. As far as anomaly systems are concerned, it is very difficult to build them, because it is difficult to define the normal and abnormal behaviour of a&nbsp;system. Also for building anomaly system, neural networks can be used, because they can learn to discriminate the normal and abnormal behaviour of a&nbsp;system from examples. Therefore, they offer a&nbsp;promising technique for building anomaly systems. This paper presents an overview of the applicability of neural networks in building intrusion systems and discusses advantages and drawbacks of neural network technology.
34
Tian, Hui, Jingtian Liu, and Meimei Ding. "Promising techniques for anomaly detection on network traffic." Computer Science and Information Systems 14, no. 3 (2017): 597–609. http://dx.doi.org/10.2298/csis170201018h.
Full textAbstract:
In various networks, anomaly may happen due to network breakdown, intrusion detection, and end-to-end traffic changes. To detect these anomalies is important in diagnosis, fault report, capacity plan and so on. However, it?s challenging to detect these anomalies with high accuracy rate and time efficiency. Existing works are mainly classified into two streams, anomaly detection on link traffic and on global traffic. In this paper we discuss various anomaly detection methods on both types of traffic and compare their performance.
35
Chugh, Neeraj, Geetam Singh Tomar, Robin Singh Bhadoria, and Neetesh Saxena. "A Novel Anomaly Behavior Detection Scheme for Mobile Ad Hoc Networks." Electronics 10, no. 14 (2021): 1635. http://dx.doi.org/10.3390/electronics10141635.
Full textAbstract:
To sustain the security services in a Mobile Ad Hoc Networks (MANET), applications in terms of confidentially, authentication, integrity, authorization, key management, and abnormal behavior detection/anomaly detection are significant. The implementation of a sophisticated security mechanism requires a large number of network resources that degrade network performance. In addition, routing protocols designed for MANETs should be energy efficient in order to maximize network performance. In line with this view, this work proposes a new hybrid method called the data-driven zone-based routing protocol (DD-ZRP) for resource-constrained MANETs that incorporate anomaly detection schemes for security and energy awareness using Network Simulator 3. Most of the existing schemes use constant threshold values, which leads to false positive issues in the network. DD-ZRP uses a dynamic threshold to detect anomalies in MANETs. The simulation results show an improved detection ratio and performance for DD-ZRP over existing schemes; the method is substantially better than the prevailing protocols with respect to anomaly detection for security enhancement, energy efficiency, and optimization of available resources.
36
Saqib, Muhammad, Farrukh Zeeshan Khan, Muneer Ahmed, and Raja Majid Mehmood. "A critical review on security approaches to software-defined wireless sensor networking." International Journal of Distributed Sensor Networks 15, no. 12 (2019): 155014771988990. http://dx.doi.org/10.1177/1550147719889906.
Full textAbstract:
Wireless sensor networks (WSNs) are very prone to ongoing security threats due to its resource constraints and unprotected transmission medium. WSN contains hundreds and thousands of resource-constrained and self-organized sensor nodes. These sensor nodes are usually organized in a distributed manner; thus, it permits the creation of an ad hoc network without predefined infrastructure or centralized management. As WSNs are going to get control of real-time applications, where a malicious activity can cause serious damage, the inherent challenge is to fortify the security enforcement in these networks. As a solution, software-defined network (SDN) has come out and has been merged with WSN to form what is known as software-defined wireless sensor network (SDWSN). SDWSN has come into existence, and it legitimizes network operators with more flexibility and control over the network. SDWSN has more tightened the security enforcement based on the global view and centralized control of the network topology. Moreover, machine learning (ML)–based and deep learning (DL)–based network intrusion detection systems (NIDS) have been introduced to the SDN environment to protect the networks against anomaly threats. In this review article, we illustrated the SDN–based security approaches to WSN followed by its architectures, advantages, and possible security threats. Finally, ML/DL–based NIDS integrated with the SDN controller is proposed as a complete solution for the WSN environment to confront the ongoing anomaly threats and to sufficiently protect the network against both known and unknown attacks.
37
Zhang, Dinghua, Yibo Hu, Guoyan Cao, et al. "Dataflow Feature Analysis for Industrial Networks Communication Security." Xibei Gongye Daxue Xuebao/Journal of Northwestern Polytechnical University 38, no. 1 (2020): 199–208. http://dx.doi.org/10.1051/jnwpu/20203810199.
Full textAbstract:
The autonomous security situation awareness on industrial networks communication has been a critical subject for industrial networks security analysis. In this paper, a CNN-based feature mining method for networks communication dataflow was proposed to intrusion detect industrial networks to extract security situation awareness. Specifically, a normalization technique uniforming different sorts of networks dataflow features was designed for dataflow features fusion in the proposed feature mining method. The proposed methods were used to detect the security situation of traditional IT networks and industrial control networks. Experiment results showed that the proposed feature analysis method had good transferability in the two network data, and the accuracy rate of network anomaly detection was ideal and had higher stability.
38
Aristizábal Q, Luz Angela, and Nicolás Toro G. "Multilayer Representation and Multiscale Analysis on Data Networks." International journal of Computer Networks & Communications 13, no. 3 (2021): 41–55. http://dx.doi.org/10.5121/ijcnc.2021.13303.
Full textAbstract:
The constant increase in the complexity of data networks motivates the search for strategies that make it possible to reduce current monitoring times. This paper shows the way in which multilayer network representation and the application of multiscale analysis techniques, as applied to software-defined networks, allows for the visualization of anomalies from "coarse views of the network topology". This implies the analysis of fewer data, and consequently the reduction of the time that a process takes to monitor the network. The fact that software-defined networks allow for the obtention of a global view of network behavior facilitates detail recovery from affected zones detected in monitoring processes. The method is evaluated by calculating the reduction factor of nodes, checked during anomaly detection, with respect to the total number of nodes in the network.
39
Xue, Feng, Weizhong Yan, Tianyi Wang, Hao Huang, and Bojun Feng. "Deep anomaly detection for industrial systems: a case study." Annual Conference of the PHM Society 12, no. 1 (2020): 8. http://dx.doi.org/10.36001/phmconf.2020.v12i1.1186.
Full textAbstract:
We explore the use of deep neural networks for anomaly detection of industrial systems where the data are multivariate time series measurements. We formulate the problem as a self-supervised learning where data under normal operation is used to train a deep neural network autoregressive model, i.e., use a window of time series data to predict future data values. The aim of such a model is to learn to represent the system dynamic behavior under normal conditions, while expect higher model vs. measurement discrepancies under faulty conditions. In real world applications, many control settings are categorical in nature. In this paper, vector embedding and joint losses are employed to deal with such situations. Both LSTM and CNN based deep neural network backbones are studied on the Secure Water Treatment (SWaT) testbed datasets. Also, Support Vector Data Description (SVDD) method is adapted to such anomaly detection settings with deep neural networks. Evaluation methods and results are discussed based on the SWaT dataset along with potential pitfalls.
40
Valiveti, Sharada Ramakrishna, Anush Manglani, and Tadrush Desai. "Anomaly-Based Intrusion Detection Systems for Mobile Ad Hoc Networks." International Journal of Systems and Software Security and Protection 12, no. 2 (2021): 11–32. http://dx.doi.org/10.4018/ijsssp.2021070102.
Full textAbstract:
Ad hoc networks are used in heterogeneous environments like tactical military applications, where no centrally coordinated infrastructure is available. The network is required to perform self-configuration, dynamic topology management, and ensure the self-sustainability of the network. Security is hence of paramount importance. Anomaly-based intrusion detection system (IDS) is a distributed activity carried out by all nodes of the network in a cooperative manner along with other related network activities like routing, etc. Machine learning and its advances have found a promising place in anomaly detection. This paper describes the journey of defining the most suitable routing protocol for implementing IDS for tactical applications, along with the selection of the related suitable data set. The paper also reviews the latest machine learning techniques, implementation capabilities, and limitations.
41
Irawan, Bambang. "Fenomena Anomali Iklim El Nino dan La Nina: Kecenderungan Jangka Panjang dan Pengaruhnya terhadap Produksi Pangan." Forum penelitian Agro Ekonomi 24, no. 1 (2016): 28. http://dx.doi.org/10.21082/fae.v24n1.2006.28-45.
Full textAbstract:
<strong>English</strong><br />El Nino occurrence tends to increase with longer duration, higher magnitude of climate anomaly, and shorter cycle period of occurrence. Climate anomaly induces decrease of rainfall and water availability with further consequence on food production decline by 3.06 percent for each El Nino case. Contrary to El Nino which causes rainfall and food production decreases, La Nina causes increases in rainfall and improves food production by 1.08 percent. The lowest production decrease induced by El Nino and the highest production increase caused by La Nina was observed on corn production indicating that corn production is the most sensitive to climate anomaly. To reduce possible food production decrease induced by El Nino a comprehensive mitigating policy is essential. The policy consists of three major efforts, namely: (1) establishment of earlier warning system on climate anomaly, (2) development of efficient dissemination system on climate anomaly information, and (3) developing, disseminating and facilitating farmers to implement cultural techniques adaptive to drought condition as well as improving, rehabilitating irrigation network and developing rainfall harvesting techniques.<br /><br /><br /><strong>Indonesian</strong><br />Frekuensi kejadian El Nino cenderung meningkat dengan durasi yang semakin panjang, tingkat anomali iklim yang semakin besar, dan siklus kejadian yang semakin pendek. Anomali iklim tersebut menyebabkan penurunan curah hujan dan ketersediaan air irigasi yang selanjutnya berimplikasi pada penurunan produksi pangan sebesar 3,06 persen untuk setiap kejadian El Nino. Sebaliknya, kejadian La Nina cenderung diikuti dengan peningkatan curah hujan dan merangsang peningkatan produksi pangan sebesar 1,08 persen untuk setiap kejadian La Nina. Penurunan produksi pangan akibat El Nino dan peningkatan produksi pangan akibat La Nina paling tinggi terjadi pada produksi jagung. Hal ini menunjukkan bahwa produksi jagung paling sensitif terhadap peristiwa anomali iklim. Dalam rangka menekan dampak negatif El Nino terhadap produksi pangan maka diperlukan kebijakan penanggulangan yang komprehensif yang meliputi tiga upaya pokok yaitu : (1) pengembangan sistem deteksi dini anomali iklim, (2) pengembangan sistem diseminasi informasi yang efisien tentang anomali iklim, dan (3) mengembangkan, mendiseminasikan dan memfasilitasi petani untuk menerapkan teknik budidaya tanaman yang adaptif terhadap situasi kekeringan di samping membangun dan merehabilitasi jaringan irigasi serta mengembangkan teknik pemanenan curah hujan.
42
Tahir, Muhammad, Mingchu Li, Naeem Ayoub, and Muhammad Aamir. "Efficacy Improvement of Anomaly Detection by Using Intelligence Sharing Scheme." Applied Sciences 9, no. 3 (2019): 364. http://dx.doi.org/10.3390/app9030364.
Full textAbstract:
Computer networks are facing threats of ever-increasing frequency and sophistication. Encryption is becoming the norm in both legitimate and malicious network traffic. Therefore, intrusion detection systems (IDSs) are now required to work efficiently regardless of the encryption. In this study, we propose two new methods to improve the efficacy of the Cisco Cognitive Threat Analytics (CTA) system. In the first method, the efficacy of CTA is improved by sharing of intelligence information across a large number of enterprise networks. In the second method, a four variant-based global reputation model (GRM) is designed by employing an outlier ensemble normalization algorithm in the presence of missing data. Intelligence sharing provides additional information in the intrusion detection process, which is much needed, particularly for analysis of encrypted traffic with inherently low information content. Robustness of the novel outlier ensemble normalization algorithm is also demonstrated. These improvements are measured using both encrypted and non-encrypted network traffic. Results show that the proposed information sharing methods greatly improve the anomaly detection efficacy of malicious network behavior with bad base-line detection efficacy and slightly improve upon the average case.
43
Li, Meng, Shuangxin Wang, Shanxiang Fang, and Juchao Zhao. "Anomaly Detection of Wind Turbines Based on Deep Small-World Neural Network." Applied Sciences 10, no. 4 (2020): 1243. http://dx.doi.org/10.3390/app10041243.
Full textAbstract:
Accurate and efficient condition monitoring is the key to enhance the reliability and security of wind turbines. In recent years, an intelligent anomaly detection method based on deep learning networks has been receiving increasing attention. Since accurately labeled data are usually difficult to obtain in real industries, this paper proposes a novel Deep Small-World Neural Network (DSWNN) on the basis of unsupervised learning to detect the early failures of wind turbines. During network construction, a regular auto-encoder network with multiple restricted Boltzmann machines is first constructed and pre-trained by using unlabeled data of wind turbines. After that, the trained network is transformed into a DSWNN model by randomly add-edges method, where the network parameters are fine-tuned by using minimal amounts of labeled data. In order to guard against the changes and disturbances of wind speed and reduce false alarms, an adaptive threshold based on extreme value theory is presented as the criterion of anomaly judgment. The DSWNN model is excellent in depth mining data characteristics and accurate measurement error. Last, two failure cases of wind turbine anomaly detection are given to demonstrate its validity and accuracy of the proposed methodology contrasted with the deep belief network and deep neural network.
44
Huang, Che-Hsuan, Pei-Hsuan Lee, Shu-Hsiu Chang, et al. "Automated Optical Inspection Method for Light-Emitting Diode Defect Detection Using Unsupervised Generative Adversarial Neural Network." Crystals 11, no. 9 (2021): 1048. http://dx.doi.org/10.3390/cryst11091048.
Full textAbstract:
Many automated optical inspection (AOI) companies use supervised object detection networks to inspect items, a technique which expends tremendous time and energy to mark defectives. Therefore, we propose an AOI system which uses an unsupervised learning network as the base algorithm to simultaneously generate anomaly alerts and reduce labeling costs. This AOI system works by deploying the GANomaly neural network and the supervised network to the manufacturing system. To improve the ability to distinguish anomaly items from normal items in industry and enhance the overall performance of the manufacturing process, the system uses the structural similarity index (SSIM) as part of the loss function as well as the scoring parameters. Thus, the proposed system will achieve the requirements of smart factories in the future (Industry 4.0).
45
Vigoya, Laura, Diego Fernandez, Victor Carneiro, and Fidel Cacheda. "Annotated Dataset for Anomaly Detection in a Data Center with IoT Sensors." Sensors 20, no. 13 (2020): 3745. http://dx.doi.org/10.3390/s20133745.
Full textAbstract:
The relative simplicity of IoT networks extends service vulnerabilities and possibilities to different network failures exhibiting system weaknesses. Therefore, having a dataset with a sufficient number of samples, labeled and with a systematic analysis, is essential in order to understand how these networks behave and detect traffic anomalies. This work presents DAD: a complete and labeled IoT dataset containing a reproduction of certain real-world behaviors as seen from the network. To approximate the dataset to a real environment, the data were obtained from a physical data center, with temperature sensors based on NFC smart passive sensor technology. Having carried out different approaches, performing mathematical modeling using time series was finally chosen. The virtual infrastructure necessary for the creation of the dataset is formed by five virtual machines, a MQTT broker and four client nodes, each of them with four sensors of the refrigeration units connected to the internal IoT network. DAD presents a seven day network activity with three types of anomalies: duplication, interception and modification on the MQTT message, spread over 5 days. Finally, a feature description is performed, so it can be used for the application of the various techniques of prediction or automatic classification.
46
Kodituwakku, Hansaka Angel Dias Edirisinghe, Alex Keller, and Jens Gregor. "InSight2: A Modular Visual Analysis Platform for Network Situational Awareness in Large-Scale Networks." Electronics 9, no. 10 (2020): 1747. http://dx.doi.org/10.3390/electronics9101747.
Full textAbstract:
The complexity and throughput of computer networks are rapidly increasing as a result of the proliferation of interconnected devices, data-driven applications, and remote working. Providing situational awareness for computer networks requires monitoring and analysis of network data to understand normal activity and identify abnormal activity. A scalable platform to process and visualize data in real time for large-scale networks enables security analysts and researchers to not only monitor and study network flow data but also experiment and develop novel analytics. In this paper, we introduce InSight2, an open-source platform for manipulating both streaming and archived network flow data in real time that aims to address the issues of existing solutions such as scalability, extendability, and flexibility. Case-studies are provided that demonstrate applications in monitoring network activity, identifying network attacks and compromised hosts and anomaly detection.
47
Bin, Wang, Zhi Chao Zhao, and Yong Cheng Jiang. "The Application of Network Anomaly Mining Technology in Campus Network Information Security." Advanced Materials Research 756-759 (September 2013): 998–1002. http://dx.doi.org/10.4028/www.scientific.net/amr.756-759.998.
Full textAbstract:
Web Service architecture gradually matures in the related applications of campus network, but campus network anomaly mining technology still needs further development in its confidentiality, integrity, and non-repudiation problems. In SOA, campus network anomaly mining technology still needs to strengthen safety and reliability. Based on suffix tree technology, this paper proposed the application of campus network information security technology based on network anomaly mining technology, analyzed the campus network security features in detail, and designed an anomaly mining algorithm on suffix tree campus network security. Computer simulation results show that the proposed method can rapidly mine the abnormalities of the network and ensure the security of campus network.
48
Lawal, Muhammad Aminu, Riaz Ahmed Shaikh, and Syed Raheel Hassan. "An Anomaly Mitigation Framework for IoT Using Fog Computing." Electronics 9, no. 10 (2020): 1565. http://dx.doi.org/10.3390/electronics9101565.
Full textAbstract:
The advancement in IoT has prompted its application in areas such as smart homes, smart cities, etc., and this has aided its exponential growth. However, alongside this development, IoT networks are experiencing a rise in security challenges such as botnet attacks, which often appear as network anomalies. Similarly, providing security solutions has been challenging due to the low resources that characterize the devices in IoT networks. To overcome these challenges, the fog computing paradigm has provided an enabling environment that offers additional resources for deploying security solutions such as anomaly mitigation schemes. In this paper, we propose a hybrid anomaly mitigation framework for IoT using fog computing to ensure faster and accurate anomaly detection. The framework employs signature- and anomaly-based detection methodologies for its two modules, respectively. The signature-based module utilizes a database of attack sources (blacklisted IP addresses) to ensure faster detection when attacks are executed from the blacklisted IP address, while the anomaly-based module uses an extreme gradient boosting algorithm for accurate classification of network traffic flow into normal or abnormal. We evaluated the performance of both modules using an IoT-based dataset in terms response time for the signature-based module and accuracy in binary and multiclass classification for the anomaly-based module. The results show that the signature-based module achieves a fast attack detection of at least six times faster than the anomaly-based module in each number of instances evaluated. The anomaly-based module using the XGBoost classifier detects attacks with an accuracy of 99% and at least 97% for average recall, average precision, and average F1 score for binary and multiclass classification. Additionally, it recorded 0.05 in terms of false-positive rates.
49
Pu, Jiansu, Jingwen Zhang, Hui Shao, Tingting Zhang, and Yunbo Rao. "egoDetect: Visual Detection and Exploration of Anomaly in Social Communication Network." Sensors 20, no. 20 (2020): 5895. http://dx.doi.org/10.3390/s20205895.
Full textAbstract:
The development of the Internet has made social communication increasingly important for maintaining relationships between people. However, advertising and fraud are also growing incredibly fast and seriously affect our daily life, e.g., leading to money and time losses, trash information, and privacy problems. Therefore, it is very important to detect anomalies in social networks. However, existing anomaly detection methods cannot guarantee the correct rate. Besides, due to the lack of labeled data, we also cannot use the detection results directly. In other words, we still need human analysts in the loop to provide enough judgment for decision making. To help experts analyze and explore the results of anomaly detection in social networks more objectively and effectively, we propose a novel visualization system, egoDetect, which can detect the anomalies in social communication networks efficiently. Based on the unsupervised anomaly detection method, the system can detect the anomaly without training and get the overview quickly. Then we explore an ego’s topology and the relationship between egos and alters by designing a novel glyph based on the egocentric network. Besides, it also provides rich interactions for experts to quickly navigate to the interested users for further exploration. We use an actual call dataset provided by an operator to evaluate our system. The result proves that our proposed system is effective in the anomaly detection of social networks.
50
Wu, Renyong, Xue Deng, Rongxing Lu, and Xuemin (Sherman) Shen. "Trust-Based Anomaly Detection in Emerging Sensor Networks." International Journal of Distributed Sensor Networks 2015 (2015): 1–14. http://dx.doi.org/10.1155/2015/363569.
Full textAbstract:
Wireless sensor networks (WSNs) consist of a large number of small-size, energy-constrained nodes and generally are deployed to monitor surrounding situation or relay generated packets in other devices. However, due to the openness of wireless media and the inborn self-organization feature of WSNs, that is, frequent interoperations among neighbouring nodes, network security has been tightly related to data credibility and/or transmission reliability, thus trust evaluation of network nodes is becoming another interesting issue. Obviously, how to describe node’s behaviors and how to integrate various characteristics to make the final decision are two major research aspects of trust model. In this paper, a new trust model is proposed to detect anomaly nodes based on fuzzy theory and revised evidence theory. By monitoring the behaviors of the evaluated nodes with multidimensional characteristics and integrating these pieces of information, the malicious nodes in a network can be identified and the normal operation of the whole network can be verified. In addition, to accelerate the detection process, a weighting judgment mechanism is adopted to deal with the uncertain states of evaluated nodes. Finally extensive simulations are conducted, and the results demonstrate that the proposed trust model can achieve higher detection ratio of malicious nodes in comparison with the previously reported results.