Skip to main content

Research Repository

See what's under the surface

Advanced Search

Symmetry degree measurement and its applications to anomaly detection

Qin, Tao; Liu, Zhaoli; Wang, Pinghui; Li, Shancang; Guan, Xiaohong; Gao, Lixin

Symmetry degree measurement and its applications to anomaly detection Thumbnail


Tao Qin

Zhaoli Liu

Pinghui Wang

Shancang Li
Senior Lecturer in Computer Forensics and Security

Xiaohong Guan

Lixin Gao


IEEE Anomaly detection is an important technique used to identify patterns of unusual network behavior and keep the network under control. Today, network attacks are increasing in terms of both their number and sophistication. To avoid causing significant traffic patterns and being detected by existing techniques, many new attacks tend to involve gradual adjustment of behaviors, which always generate incomplete sessions due to their running mechanisms. Accordingly, in this work, we employ the behavior symmetry degree to profile the anomalies and further identify unusual behaviors. We first proposed a symmetry degree to identify the incomplete sessions generated by unusual behaviors; we then employ a sketch to calculate the symmetry degree of internal hosts to improve the identification efficiency for online applications. To reduce the memory cost and probability of collision, we divide the IP addresses into four segments that can be used as keys of the hash functions in the sketch. Moreover, to further improve detection accuracy, a threshold selection method is proposed for dynamic traffic pattern analysis. The hash functions in the sketch are then designed using Chinese remainder theory, which can analytically trace the IP addresses associated with the anomalies. We tested the proposed techniques based on traffic data collected from the northwest center of CERNET (China Education and Research Network); the results show that the proposed methods can effectively detect anomalies in large-scale networks.

Journal Article Type Article
Publication Date Aug 7, 2019
Journal IEEE Transactions on Information Forensics and Security
Print ISSN 1556-6013
Electronic ISSN 1556-6021
Publisher Institute of Electrical and Electronics Engineers
Peer Reviewed Peer Reviewed
Volume 15
APA6 Citation Qin, T., Liu, Z., Wang, P., Li, S., Guan, X., & Gao, L. (2019). Symmetry degree measurement and its applications to anomaly detection. IEEE Transactions on Information Forensics and Security, 15,
Keywords IP networks , Anomaly detection , Hash functions , Security , Monitoring , Feature extraction , Computational modeling, smart attacks, behavior patterns, symmetry degree, degree sketch, anomaly tracing
Publisher URL


Symmetry.pdf (1.4 Mb)


Copyright Statement
© © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

You might also like

Downloadable Citations