Journal of Information Security

Volume 2, Issue 4 (October 2011)

ISSN Print: 2153-1234   ISSN Online: 2153-1242

Google-based Impact Factor: 3.79

Anomalous Network Packet Detection Using Data Stream Mining

pp. 158-168
DOI: 10.4236/jis.2011.24016


ABSTRACT

In recent years, significant research has been devoted to the development of Intrusion Detection Systems (IDS) able to detect anomalous computer network traffic indicative of malicious activity. While signature-based IDS have proven effective in discovering known attacks, anomaly-based IDS hold the even greater promise of being able to automatically detect previously undocumented threats. Traditional IDS are generally trained in batch mode, and therefore cannot adapt to evolving network data streams in real time. To resolve this limitation, data stream mining techniques can be utilized to create a new type of IDS able to dynamically model a stream of network traffic. In this paper, we present two methods for anomalous network packet detection based on the data stream mining paradigm. The first of these is an adapted version of the DenStream algorithm for stream clustering specifically tailored to evaluate network traffic. In this algorithm, individual packets are treated as points and are flagged as normal or abnormal based on their membership in either normal or outlier clusters. The second algorithm uses a histogram to build a model of the evolving network traffic, to which incoming traffic is compared using Pearson correlation. Both algorithms were tested using the first week of data from the DARPA '99 dataset with generic HTTP, shellcode and polymorphic attacks inserted. We were able to achieve reasonably high detection rates with moderately low false positive percentages for different types of attacks, though detection rates varied between the two algorithms. Overall, the histogram-based detection algorithm achieved slightly superior results, but required more parameters than the clustering-based algorithm. Because it requires fewer parameters, the clustering approach can be more easily generalized to different types of network traffic streams.
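The following is an added illustration of the histogram-plus-Pearson-correlation method the abstract describes; it is not the authors' code and does not reproduce their parameters or evaluation. It assumes (choices not stated on this page) that the traffic model is a 256-bin byte-value histogram of packet payloads, that the model is updated with exponential decay so it follows the evolving stream, that only packets judged normal are allowed to update it, and that a packet whose correlation with the model falls below a fixed threshold is flagged. The HTTP requests and the two attack-like payloads are constructed sample input, not DARPA '99 data.

```python
"""Histogram-based anomalous packet detection scored with Pearson correlation.

Added example, not the paper's implementation. Assumed design: a 256-bin
byte-value histogram as the traffic model, exponential decay toward each
accepted packet, Pearson correlation as the similarity score, and a fixed
threshold below which a packet is flagged. All sample payloads are constructed.
"""
import math
from typing import List, Optional, Sequence, Tuple

BINS = 256


def byte_histogram(payload: bytes) -> List[float]:
    """Relative frequency of each byte value (0..255) in one payload."""
    counts = [0.0] * BINS
    for b in payload:
        counts[b] += 1.0
    n = float(len(payload)) or 1.0   # empty payload -> all-zero histogram
    return [c / n for c in counts]


def pearson(x: Sequence[float], y: Sequence[float]) -> float:
    """Pearson correlation of two equal-length vectors.

    Returns 0.0 when either vector is constant (e.g. a perfectly uniform
    byte histogram): the detector then reads it as 'no resemblance to the
    model' instead of raising a division-by-zero error."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0.0 or syy == 0.0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


class HistogramDetector:
    """Single-pass stream detector holding one histogram model of 'normal'
    traffic that decays toward each accepted packet, so it tracks drift."""

    def __init__(self, threshold: float = 0.5, decay: float = 0.1,
                 warmup: int = 5) -> None:
        self.threshold = threshold   # minimum correlation to count as normal
        self.decay = decay           # weight of the newest packet in the model
        self.warmup = warmup         # packets absorbed before any flagging
        self.model: Optional[List[float]] = None
        self.seen = 0

    def observe(self, payload: bytes) -> Tuple[bool, float]:
        """Score one packet; returns (anomalous, correlation).

        Only packets judged normal update the model, so a burst of attack
        packets cannot drag the model toward itself."""
        if not payload:              # nothing to histogram; model untouched
            return False, 1.0
        h = byte_histogram(payload)
        self.seen += 1
        if self.model is None:       # first packet seeds the model
            self.model = h
            return False, 1.0
        r = pearson(self.model, h)
        anomalous = self.seen > self.warmup and r < self.threshold
        if not anomalous:
            self.model = [(1.0 - self.decay) * m + self.decay * v
                          for m, v in zip(self.model, h)]
        return anomalous, r


def http_get(path: str) -> bytes:
    """Constructed 'normal' packet payload: a plain HTTP/1.1 GET request."""
    return (f"GET {path} HTTP/1.1\r\nHost: www.example.com\r\n"
            f"User-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n").encode()


# Constructed attack-like payloads: a NOP sled followed by high-valued bytes
# (nothing like ASCII HTTP), and a byte-uniform blob standing in for a
# polymorphically encoded payload whose histogram is flat.
SHELLCODE_LIKE = b"\x90" * 40 + bytes(range(0x80, 0x100))
UNIFORM_BLOB = bytes(range(256))


def run_stream(payloads: Sequence[bytes]) -> List[bool]:
    """Feed payloads through one detector in order; return the flag per packet."""
    det = HistogramDetector()
    return [det.observe(p)[0] for p in payloads]


def demo() -> List[bool]:
    """Eight normal requests, the two attack payloads, then one more normal."""
    normal = [http_get(f"/site/page{i}.html") for i in range(8)]
    stream = normal + [SHELLCODE_LIKE, UNIFORM_BLOB, http_get("/index.html")]
    return run_stream(stream)


if __name__ == "__main__":
    print(demo())   # expected: eight False, True, True, False
```

Two points the abstract's trade-off hints at are visible here: the histogram method needs a threshold, a decay rate and a warm-up length (the "more parameters" the abstract mentions), and a flat histogram gives a Pearson score of exactly zero, so the correlation formula must handle a constant vector rather than divide by it.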

Share and Cite:

Z. Miller, W. Deitrick and W. Hu, "Anomalous Network Packet Detection Using Data Stream Mining," Journal of Information Security, Vol. 2 No. 4, 2011, pp. 158-168. doi: 10.4236/jis.2011.24016.

Cited by

[1] Unsupervised anomaly detection: methods and applications
2022
[2] Analysis of Darknet Traffic for Criminal Activities Detection Using TF-IDF and Light Gradient Boosted Machine Learning Algorithm
2021
[3] Online Anomaly Detection Leveraging Stream-Based Clustering and Real-Time Telemetry
2020
[4] Real-time anomaly detection and mitigation using streaming telemetry in SDN
Turkish Journal of Electrical Engineering & Computer Sciences, 2019
[5] Mobile Agents for Detecting Network Attacks Using Timing Covert Channels
J. Univers. Comput. Sci., 2019
[6] Anomaly Detection System for Internet Traffic based on TF-IDF and BFR Clustering Algorithms
2019
[7] New Approach for Classification R2L and U2R Attacks in Intrusion Detection System
2018
[8] The use of Histogram Analysis to Support Fast Selection of Predictive Features for Data Stream Mining
2018
[9] Minimal Triangle Area Mahalanobis Distance for Stream Homogeneous Group-based DDoS Classification
2018
[10] Telemetry-based stream-learning of BGP anomalies
Big-DAMA 2018: Proceedings of the 2018 Workshop on Big Data Analytics and Machine Learning for Data Communication Networks, 2018
[11] Long Short-Term Memory-Based Recurrent Neural Network Approach for Intrusion Detection
2018
[12] Efficient intrusion detection using machine learning techniques
Journal of Advanced Research in Dynamical and Control Systems, 2018
[13] Outlier detection in the context of data stream mining: survey of approaches and cloud computing case study
2017
[14] Design of anomaly packet detection framework by data mining algorithm for network flow
2017
[15] Multistage process to decrease processing time in intrusion prevention system
2017
[16] Temporal Data Streams for Anomaly Intrusion Detection (Extended Version)
2016
[17] Anomaly Detection in Network Traffic Using Stream Data Mining: Review
2016
[18] A Survey on Outlier Detection in the Context of Stream Mining: Review of Existing Approaches and Recommendations
Intelligent Systems Design and Applications, 2016
[19] Anomalous network packet detection
2015
[20] Statistical analysis on aggregate and flow based traffic features distribution
2015 1st International Conference on Wireless and Telematics (ICWT), 2015
[21] Data mining framework for computer network security management
2015
[22] Online Network Intrusion Detection System Using VFDT
S. Gore, P. Gupta, ijetae.com, 2014
[23] Trends in the Development of Network Traffic Anomaly Detection Technology (original title in Russian: ТЕНДЕНЦИИ РАЗВИТИЯ ТЕХНОЛОГИИ ОБНАРУЖЕНИЯ АНОМАЛИЙ СЕТЕВОГО ТРАФИКА)
2014
[24] Anomaly detection system by mining frequent pattern using data mining algorithm from network flow
2014
[25] Online network intrusion detection system using temporal logic and stream data processing
2013
[26] Data Stream Subspace Clustering for Anomalous Network Packet Detection
Journal of Information Security, 2012

Copyright © 2024 by authors and Scientific Research Publishing Inc.


This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.