{"title":"一种基于特征的带草图的MSPCA异常检测系统","authors":"Zhaomin Chen, C. Yeo, Bu-Sung Lee, C. Lau","doi":"10.1109/WOCC.2017.7928975","DOIUrl":null,"url":null,"abstract":"Anomaly detection is critical given the raft of cyber attacks these days. It is thus essential to identify the network anomalies more accurately. In this paper, we propose a novel network anomaly detection system which combines random projections (sketches) and feature-based MSPCA to detect anomalous source IP addresses. By combining PCA and wavelet analysis, MSPCA can separate anomalous data efficiently. Incorporating with Sketch data structure enables our system to identify anomalous source IP addresses. In our proposed system, we extract several network flow-based features which are helpful in exposing the different kinds of attacks. We conduct two comparisons using real network traces from MAWI dataset. The results show that MSPCA-based method has better performance than PCA-based one. In addition, feature-based anomaly detection system is superior in detecting more subtle attacks than one based on packet counting.","PeriodicalId":6471,"journal":{"name":"2017 26th Wireless and Optical Communication Conference (WOCC)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"A novel anomaly detection system using feature-based MSPCA with sketch\",\"authors\":\"Zhaomin Chen, C. Yeo, Bu-Sung Lee, C. Lau\",\"doi\":\"10.1109/WOCC.2017.7928975\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Anomaly detection is critical given the raft of cyber attacks these days. It is thus essential to identify the network anomalies more accurately. In this paper, we propose a novel network anomaly detection system which combines random projections (sketches) and feature-based MSPCA to detect anomalous source IP addresses. By combining PCA and wavelet analysis, MSPCA can separate anomalous data efficiently. Incorporating with Sketch data structure enables our system to identify anomalous source IP addresses. In our proposed system, we extract several network flow-based features which are helpful in exposing the different kinds of attacks. We conduct two comparisons using real network traces from MAWI dataset. The results show that MSPCA-based method has better performance than PCA-based one. In addition, feature-based anomaly detection system is superior in detecting more subtle attacks than one based on packet counting.\",\"PeriodicalId\":6471,\"journal\":{\"name\":\"2017 26th Wireless and Optical Communication Conference (WOCC)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 26th Wireless and Optical Communication Conference (WOCC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WOCC.2017.7928975\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 26th Wireless and Optical Communication Conference (WOCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WOCC.2017.7928975","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A novel anomaly detection system using feature-based MSPCA with sketch
Anomaly detection is critical given the raft of cyber attacks these days. It is thus essential to identify the network anomalies more accurately. In this paper, we propose a novel network anomaly detection system which combines random projections (sketches) and feature-based MSPCA to detect anomalous source IP addresses. By combining PCA and wavelet analysis, MSPCA can separate anomalous data efficiently. Incorporating with Sketch data structure enables our system to identify anomalous source IP addresses. In our proposed system, we extract several network flow-based features which are helpful in exposing the different kinds of attacks. We conduct two comparisons using real network traces from MAWI dataset. The results show that MSPCA-based method has better performance than PCA-based one. In addition, feature-based anomaly detection system is superior in detecting more subtle attacks than one based on packet counting.