Tao Qin
Symmetry degree measurement and its applications to anomaly detection
Qin, Tao; Liu, Zhaoli; Wang, Pinghui; Li, Shancang; Guan, Xiaohong; Gao, Lixin
Authors
Zhaoli Liu
Pinghui Wang
Shancang Li
Xiaohong Guan
Lixin Gao
Abstract
Anomaly detection is an important technique used to identify patterns of unusual network behavior and keep the network under control. Today, network attacks are increasing in terms of both their number and sophistication. To avoid causing significant traffic patterns and being detected by existing techniques, many new attacks tend to involve gradual adjustment of behaviors, which always generate incomplete sessions due to their running mechanisms. Accordingly, in this work, we employ the behavior symmetry degree to profile the anomalies and further identify unusual behaviors. We first propose a symmetry degree to identify the incomplete sessions generated by unusual behaviors; we then employ a sketch to calculate the symmetry degree of internal hosts to improve the identification efficiency for online applications. To reduce the memory cost and probability of collision, we divide the IP addresses into four segments that can be used as keys of the hash functions in the sketch. Moreover, to further improve detection accuracy, a threshold selection method is proposed for dynamic traffic pattern analysis. The hash functions in the sketch are then designed using Chinese remainder theory, which can analytically trace the IP addresses associated with the anomalies. We tested the proposed techniques based on traffic data collected from the northwest center of CERNET (China Education and Research Network); the results show that the proposed methods can effectively detect anomalies in large-scale networks.
Journal Article Type | Article |
---|---|
Acceptance Date | May 1, 2019 |
Online Publication Date | Aug 7, 2019 |
Publication Date | Aug 7, 2019 |
Deposit Date | May 2, 2019 |
Publicly Available Date | Sep 8, 2019 |
Journal | IEEE Transactions on Information Forensics and Security |
Print ISSN | 1556-6013 |
Publisher | Institute of Electrical and Electronics Engineers |
Peer Reviewed | Peer Reviewed |
Volume | 15 |
Pages | 1040-1055 |
DOI | https://doi.org/10.1109/TIFS.2019.2933731 |
Keywords | IP networks, Anomaly detection, Hash functions, Security, Monitoring, Feature extraction, Computational modeling, smart attacks, behavior patterns, symmetry degree, degree sketch, anomaly tracing |
Public URL | https://uwe-repository.worktribe.com/output/847540 |
Publisher URL | https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=10206 |
Contract Date | May 2, 2019 |
Files
Symmetry.pdf
(1.4 Mb)
PDF
Licence
http://www.rioxx.net/licenses/all-rights-reserved
Copyright Statement
© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.