Definition
Network anomaly detection refers to the problem of finding anomalous patterns in network activities and behaviors that deviate from normal network operational patterns. More specifically, in the network anomaly detection context, a set of network actions, behaviors, or observations is pronounced anomalous when, by some measure, it does not conform to a model of profiled network behavior, which is mostly built by modelling benign network traffic.
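The two ingredients of the definition above are a model of profiled benign behavior and a deviation measure applied against it. The following added example (not part of the original entry) makes this concrete on constructed per-source flow aggregates: the benign windows are summarised as a per-feature mean and standard deviation, and a new window is scored by its largest absolute z-score across features, so that a source fanning out to unusually many destination ports or moving an unusual volume of bytes is flagged while ordinary fluctuation is not. Feature names, addresses, and the threshold of three standard deviations are assumptions chosen for illustration.

```python
from math import sqrt

# Constructed benign per-minute aggregates, one tuple per (source, minute):
# (src_ip, flows_per_min, distinct_dst_ports, mean_bytes_per_flow)
BENIGN_WINDOWS = [
    ("10.0.0.5", 10, 3, 1500.0), ("10.0.0.5", 12, 4, 1700.0),
    ("10.0.0.7", 8, 2, 1300.0), ("10.0.0.7", 11, 3, 1600.0),
    ("10.0.0.9", 9, 3, 1400.0), ("10.0.0.9", 10, 4, 1500.0),
    ("10.0.0.23", 12, 2, 1700.0), ("10.0.0.23", 8, 3, 1300.0),
]

# Constructed windows to score: two ordinary ones and two that deviate
# sharply (a fan-out to many ports with tiny flows; a byte-volume spike).
OBSERVED_WINDOWS = [
    ("10.0.0.5", 11, 3, 1550.0),
    ("10.0.0.23", 13, 40, 200.0),
    ("10.0.0.9", 10, 3, 9000.0),
    ("10.0.0.7", 14, 4, 1800.0),
]

def build_profile(windows):
    """Model of benign behaviour: (mean, std) for every numeric feature."""
    profile = []
    for column in zip(*(w[1:] for w in windows)):
        n = len(column)
        mean = sum(column) / n
        std = sqrt(sum((x - mean) ** 2 for x in column) / n)
        profile.append((mean, max(std, 1e-9)))  # guard constant features
    return profile

def anomaly_score(profile, window):
    """Deviation measure: largest absolute z-score over the features."""
    return max(abs(x - mean) / std
               for x, (mean, std) in zip(window[1:], profile))

def detect(profile, windows, threshold=3.0):
    """Return (src_ip, score) for windows deviating beyond the threshold."""
    flagged = []
    for w in windows:
        score = anomaly_score(profile, w)
        if score > threshold:
            flagged.append((w[0], round(score, 2)))
    return flagged

if __name__ == "__main__":
    profile = build_profile(BENIGN_WINDOWS)
    for src, score in detect(profile, OBSERVED_WINDOWS):
        print(f"{src}: anomaly score {score}")
```

The fourth observed window sits under the threshold on every feature, which illustrates the trade-off the definition leaves open: the deviation measure and its threshold decide what "does not conform" means in practice.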
Overview
In today’s world, networks are growing fast and becoming ever more diverse, connecting not only people but also things. They also account for a large proportion of the processing power, because more and more of the computing and the data are moving to cloud systems. A time may come when the vast majority of things are controlled in a coordinated way over the network. This phenomenon not only opens...
Copyright information
© 2018 Springer International Publishing AG
About this entry
Le, D.C., Zincir-Heywood, N. (2018). Big Data in Network Anomaly Detection. In: Sakr, S., Zomaya, A. (eds) Encyclopedia of Big Data Technologies. Springer, Cham. https://doi.org/10.1007/978-3-319-63962-8_161-1
DOI: https://doi.org/10.1007/978-3-319-63962-8_161-1
Published: 06 February 2018
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-63962-8
Online ISBN: 978-3-319-63962-8
Chapter history
Latest: Big Data in Network Anomaly Detection, published 06 February 2018. DOI: https://doi.org/10.1007/978-3-319-63962-8_161-1
Original: Big Data in Network Anomaly Detection, published 24 February 2012. DOI: https://doi.org/10.1007/978-3-319-63962-8_161-2