Using Intuitionistic Fuzzy Set for Anomaly Detection of Network Traffic From Flow Interaction
Autor: | Hai Zhao, Jiuqiang Xu, Shuai Chao, Chunyang Zheng, Hequn Li, Hongsong Zhu, Jin-Fa Wang |
---|---|
Jazyk: | angličtina |
Rok vydání: | 2018 |
Předmět: |
General Computer Science
Computer science Fuzzy set 02 engineering and technology Similarity (network science) complex network 0202 electrical engineering electronic engineering information engineering General Materials Science multivariate flow similarity Cluster analysis flow interaction business.industry Network packet General Engineering 020206 networking & telecommunications Pattern recognition temporal locality Complex network anomaly detection Network traffic flow 020201 artificial intelligence & image processing Anomaly detection Artificial intelligence lcsh:Electrical engineering. Electronics. Nuclear engineering business lcsh:TK1-9971 Membership function |
Zdroj: | IEEE Access, Vol 6, Pp 64801-64816 (2018) |
ISSN: | 2169-3536 |
Popis: | We present a method to detect anomalies in time series of flow interaction patterns. There are many existing methods for anomaly detection in network traffic, such as the number of packets. However, there is no established method to detect anomalies in time series of flow interaction patterns that can be represented as complex network. First, based on the proposed multivariate flow similarity method on temporal locality, a complex network model (MFS-TL) is constructed to describe the interactive behaviors of traffic flows. After analyzing the relationships between MFS-TL characteristics, temporal locality window, and multivariate flow similarity critical threshold, an approach for parameters determination was established. Observed the evolution of MFS-TL characteristics, three non-deterministic correlations were defined for network states (i.e., normal or abnormal). Furthermore, intuitionistic fuzzy set (IFS) is introduced to quantify three non-deterministic correlations, and an anomaly detection method is put forward for single characteristic sequence. In order to build an objective IFS, we design a Gaussian distribution-based membership function with a variable hesitation degree. To determine the mapping of IFS’s clustering intervals to network states, a distinction index is developed. Furthermore, an IFS ensemble method (IFSE-AD) is proposed to eliminate the impacts of the inconsistent about MFS-TL characteristic to network state and to improve detection performance. Finally, we carried out extensive experiments on some network traffic datasets, and the results validate the effectiveness of our method and demonstrate the superiority of IFSE-AD to state-of-the-art approaches. |
Databáze: | OpenAIRE |
Externí odkaz: |