Network anomaly detection based on probabilistic analysis
Author: | Yunyoung Nam, Dong Hag Choi, Doo-Soon Park, JinSoo Park, Min Hong, You-Boo Jeon |
---|---|
Year of publication: | 2017 |
Subject: | Mahalanobis distance; Computer science; Anomaly-based intrusion detection system; Feature vector; 020206 networking & telecommunications; Multivariate normal distribution; Denial-of-service attack; 02 engineering and technology; computer.software_genre; Theoretical Computer Science; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; Probabilistic analysis of algorithms; Anomaly detection; Geometry and Topology; Data mining; computer; Software |
Source: | Soft Computing. 22:6621-6627 |
ISSN: | 1433-7479 1432-7643 |
Description: | In this paper, we propose a method to detect network intrusions using an anomaly detection technique based on probabilistic analysis. Victims' computers under attack show various symptoms such as degradation of TCP throughput, increase in CPU usage, increased round trip time, frequent disconnection from Web sites, etc. These symptoms can be used as components to construct the k-dimensional feature space of a multivariate normal distribution, in which case an anomaly detection method can be applied for the detection of the attack on the distribution. These features are generally highly correlated. Thus we choose only a few of these features for the anomaly detection in the multivariate normal distribution. We use Mahalanobis distance to detect the anomalies for each data, normal, and abnormal. Anomalies are identified when their square root of Mahalanobis distance exceeds a certain threshold. A detailed description of the threshold setting and the various experiments are discussed in simulation results. |
Database: | OpenAIRE |