Evaluating a modified PCA approach on network anomaly detection

Athanasios Delimargas, Emmanouil Skevakis, H. Halabian, I. Lambadaris, N. Seddigh, B. Nandy, R. Makkar
{"title":"Evaluating a modified PCA approach on network anomaly detection","authors":"Athanasios Delimargas, Emmanouil Skevakis, H. Halabian, I. Lambadaris, N. Seddigh, B. Nandy, R. Makkar","doi":"10.1109/NGNS.2014.6990240","DOIUrl":null,"url":null,"abstract":"As the number, complexity and diversity of cyber threats continues to increase, anomaly detection techniques have proven to be a powerful technique to augment existing methods of security threat detection. Research has shown that Principal Component Analysis (PCA) is an anomaly detection method known to be viable for pinpointing the existence of anomalies in network traffic. Despite its recognized utility in detecting cyber threats, previous relevant research work has highlighted certain inconsistencies when the classical PCA method is used to detect anomalies in network traffic, resulting in false positives and false negatives. Specifically, it has been shown that the efficiency of the results are highly dependent on the nature of the input data and the calibration of its parameters. In classical PCA, the parameters have to be carefully selected in order to correctly define the normal and abnormal space. By obtaining real network traffic traces from a small enterprise and artificially injecting anomalies, we experiment with a modified PCA method to address the above shortcomings. The results of our experimentation are encouraging. The results indicate our modified PCA method may possess promising capabilities to efficiently detect network anomalies while addressing some of the limitations of the classic PCA approach.","PeriodicalId":138330,"journal":{"name":"2014 International Conference on Next Generation Networks and Services (NGNS)","volume":"101 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 International Conference on Next Generation Networks and Services (NGNS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NGNS.2014.6990240","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 10

Abstract

As the number, complexity and diversity of cyber threats continues to increase, anomaly detection techniques have proven to be a powerful technique to augment existing methods of security threat detection. Research has shown that Principal Component Analysis (PCA) is an anomaly detection method known to be viable for pinpointing the existence of anomalies in network traffic. Despite its recognized utility in detecting cyber threats, previous relevant research work has highlighted certain inconsistencies when the classical PCA method is used to detect anomalies in network traffic, resulting in false positives and false negatives. Specifically, it has been shown that the efficiency of the results are highly dependent on the nature of the input data and the calibration of its parameters. In classical PCA, the parameters have to be carefully selected in order to correctly define the normal and abnormal space. By obtaining real network traffic traces from a small enterprise and artificially injecting anomalies, we experiment with a modified PCA method to address the above shortcomings. The results of our experimentation are encouraging. The results indicate our modified PCA method may possess promising capabilities to efficiently detect network anomalies while addressing some of the limitations of the classic PCA approach.
评价一种改进的PCA方法在网络异常检测中的应用
随着网络威胁的数量、复杂性和多样性不断增加,异常检测技术已被证明是一种强大的技术,可以补充现有的安全威胁检测方法。研究表明,主成分分析(PCA)是一种已知可行的异常检测方法,可用于确定网络流量中是否存在异常。尽管在检测网络威胁方面具有公认的效用,但先前的相关研究工作强调了经典PCA方法在检测网络流量异常时的某些不一致性,导致假阳性和假阴性。具体来说,结果的效率高度依赖于输入数据的性质及其参数的校准。在经典的主成分分析中,为了正确地定义正常和异常空间,必须仔细选择参数。通过获取小型企业的真实网络流量轨迹并人为注入异常,我们尝试了一种改进的PCA方法来解决上述缺点。我们试验的结果令人鼓舞。结果表明,我们改进的主成分分析方法可能具有有效检测网络异常的能力,同时解决了经典主成分分析方法的一些局限性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信