Evaluating Statistical Models for Network Traffic Anomaly Detection

Authors: Peter Kromkowski, Shaoran Li, Wenxi Zhao, Brendan Abraham, Austin Osborne, Donald E. Brown
Venue: 2019 Systems and Information Engineering Design Symposium (SIEDS)
Publication date: 2019-04-01
DOI: 10.1109/SIEDS.2019.8735594 (https://doi.org/10.1109/SIEDS.2019.8735594)
Citation count (Semantic Scholar): 12
Large organizations may have hundreds or thousands of applications running simultaneously to support their operations. To maintain high levels of efficiency, they need to detect outages or anomalies quickly so that the problem can be fixed promptly and costs reduced. This paper describes the analytical framework for a network traffic data anomaly-detection method intended to reduce application downtime and the need for human involvement in detecting or reporting anomalous application behavior. We use the described framework to compare the anomaly-detection performance of a Seasonal Autoregressive Integrated Moving Average (SARIMA) time series model and a Long Short-Term Memory (LSTM) autoencoder model. We evaluated these models on false positive rate and accuracy, under the requirement that they deliver timely alerts, and found that although both models were accurate, their false positive rates were very high. We then improved overall detection performance by ensembling the SARIMA model and the LSTM autoencoder. Our results demonstrate a possible new method of anomaly detection in network traffic flow using time series models and autoencoders.
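The evaluation loop the abstract describes (two detectors scored on accuracy and false positive rate, then combined) can be shown end to end on a constructed series. The following is an added example and is not code from the paper or its authors. It replaces the paper's models with two much simpler stand-ins that exercise the same detection logic: a per-phase seasonal residual detector stands in for SARIMA, and a nearest-neighbour reconstruction-error detector over sliding windows stands in for the LSTM autoencoder. The hourly traffic series, the seed, the injected burst and outage, the window length, the 3-sigma threshold and the "flag only when both detectors agree" ensemble rule are all assumptions of this example; the paper does not state how it ensembled the two models.

```python
"""Added example: compare two anomaly detectors on constructed traffic, then ensemble them.

Stand-ins (assumptions, not the paper's models):
  * seasonal_residual_detector  -> plays the role of SARIMA (per-phase mean and spread)
  * reconstruction_detector     -> plays the role of the LSTM autoencoder (window
                                   reconstruction error = distance to nearest training window)
Only the Python standard library is used so the block runs offline.
"""
import math
import random
from statistics import mean, pstdev

PERIOD = 24        # assumed: hourly samples with a daily cycle
TRAIN_DAYS = 7
TEST_DAYS = 3
WINDOW = 6         # assumed window length for the reconstruction detector


def make_traffic(seed=7):
    """Constructed series: daily sine cycle plus Gaussian noise, with two injected anomalies."""
    rng = random.Random(seed)
    n = PERIOD * (TRAIN_DAYS + TEST_DAYS)
    series = [100.0 + 50.0 * math.sin(2 * math.pi * t / PERIOD) + rng.gauss(0, 3) for t in range(n)]
    labels = [0] * n
    train_end = PERIOD * TRAIN_DAYS              # training = first 7 days, test = last 3 days
    for t in range(train_end + 12, train_end + 15):   # 3-hour traffic burst
        series[t] += 150.0
        labels[t] = 1
    for t in range(train_end + 42, train_end + 46):   # 4-hour outage, traffic drops to zero
        series[t] = 0.0
        labels[t] = 1
    return series, labels, train_end


def seasonal_residual_detector(series, train_end, k=3.0):
    """SARIMA stand-in: per-phase mean/spread from training days, flag |residual| > k*spread."""
    profile, spread = [], []
    for phase in range(PERIOD):
        vals = [series[t] for t in range(phase, train_end, PERIOD)]
        profile.append(mean(vals))
        spread.append(max(pstdev(vals), 1.0))    # floor avoids a zero threshold
    return {t: abs(series[t] - profile[t % PERIOD]) > k * spread[t % PERIOD]
            for t in range(train_end, len(series))}


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def reconstruction_detector(series, train_end):
    """Autoencoder stand-in: reconstruct each window by its nearest training window.

    The threshold is calibrated on leave-one-out training reconstruction error, the same
    way an autoencoder's threshold is set from its training-set reconstruction loss.
    """
    window = lambda t: series[t - WINDOW + 1:t + 1]
    train_windows = [window(t) for t in range(WINDOW - 1, train_end)]

    def recon_error(w, exclude=None):
        return min(_dist(w, tw) for i, tw in enumerate(train_windows) if i != exclude)

    threshold = max(recon_error(tw, exclude=i) for i, tw in enumerate(train_windows))
    return {t: recon_error(window(t)) > threshold for t in range(train_end, len(series))}


def score(flags, labels):
    """Accuracy, false positive rate and recall over the flagged (test) indices."""
    tp = fp = tn = fn = 0
    for t, flagged in flags.items():
        if labels[t]:
            tp += flagged
            fn += not flagged
        else:
            fp += flagged
            tn += not flagged
    return {"accuracy": (tp + tn) / (tp + fp + tn + fn),
            "fpr": fp / (fp + tn), "recall": tp / (tp + fn)}


def run_experiment():
    series, labels, train_end = make_traffic()
    a = seasonal_residual_detector(series, train_end)
    b = reconstruction_detector(series, train_end)
    # Assumed ensemble rule: raise an alert only when both detectors agree. This can only
    # remove false positives, at the cost of any anomaly that one detector misses.
    ens = {t: a[t] and b[t] for t in a}
    return {"seasonal": score(a, labels), "reconstruction": score(b, labels),
            "ensemble": score(ens, labels)}


if __name__ == "__main__":
    for name, m in run_experiment().items():
        print(f"{name:15s} accuracy={m['accuracy']:.3f} fpr={m['fpr']:.3f} recall={m['recall']:.3f}")
```

The reconstruction detector keeps flagging for several hours after an anomaly because its window still contains the anomalous values; those trailing alerts are pure false positives and are exactly what the agreement rule strips out, since the seasonal detector has already returned to normal.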