Symmetry degree measurement and its applications to anomaly detection
Authors
Tao Qin
Zhaoli Liu
Pinghui Wang
Shancang Li
Xiaohong Guan
Lixin Gao
Abstract
Anomaly detection is an important technique used to identify patterns of unusual network behavior and keep the network under control. Today, network attacks are increasing in terms of both their number and sophistication. To avoid causing significant traffic patterns and being detected by existing techniques, many new attacks tend to involve gradual adjustment of behaviors, which always generate incomplete sessions due to their running mechanisms. Accordingly, in this work, we employ the behavior symmetry degree to profile the anomalies and further identify unusual behaviors. We first proposed a symmetry degree to identify the incomplete sessions generated by unusual behaviors; we then employ a sketch to calculate the symmetry degree of internal hosts to improve the identification efficiency for online applications. To reduce the memory cost and probability of collision, we divide the IP addresses into four segments that can be used as keys of the hash functions in the sketch. Moreover, to further improve detection accuracy, a threshold selection method is proposed for dynamic traffic pattern analysis. The hash functions in the sketch are then designed using Chinese remainder theory, which can analytically trace the IP addresses associated with the anomalies. We tested the proposed techniques based on traffic data collected from the northwest center of CERNET (China Education and Research Network); the results show that the proposed methods can effectively detect anomalies in large-scale networks.
Citation
Qin, T., Liu, Z., Wang, P., Li, S., Guan, X., & Gao, L. (2019). Symmetry degree measurement and its applications to anomaly detection. IEEE Transactions on Information Forensics and Security, 15, 1040-1055. https://doi.org/10.1109/TIFS.2019.2933731
Journal Article Type | Article |
---|---|
Acceptance Date | May 1, 2019 |
Online Publication Date | Aug 7, 2019 |
Publication Date | Aug 7, 2019 |
Deposit Date | May 2, 2019 |
Publicly Available Date | Sep 8, 2019 |
Journal | IEEE Transactions on Information Forensics and Security |
Print ISSN | 1556-6013 |
Electronic ISSN | 1556-6021 |
Publisher | Institute of Electrical and Electronics Engineers |
Peer Reviewed | Peer Reviewed |
Volume | 15 |
Pages | 1040-1055 |
DOI | https://doi.org/10.1109/TIFS.2019.2933731 |
Keywords | IP networks, Anomaly detection, Hash functions, Security, Monitoring, Feature extraction, Computational modeling, smart attacks, behavior patterns, symmetry degree, degree sketch, anomaly tracing |
Public URL | https://uwe-repository.worktribe.com/output/847540 |
Publisher URL | https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=10206 |
Files
Symmetry.pdf (1.4 Mb, PDF)
Licence
http://www.rioxx.net/licenses/all-rights-reserved