Research Repository

Symmetry degree measurement and its applications to anomaly detection

Qin, Tao; Liu, Zhaoli; Wang, Pinghui; Li, Shancang; Guan, Xiaohong; Gao, Lixin


Tao Qin

Zhaoli Liu

Pinghui Wang

Shancang Li

Xiaohong Guan

Lixin Gao


Anomaly detection is an important technique used to identify patterns of unusual network behavior and keep the network under control. Today, network attacks are increasing in terms of both their number and sophistication. To avoid causing significant traffic patterns and being detected by existing techniques, many new attacks tend to involve gradual adjustment of behaviors, which always generate incomplete sessions due to their running mechanisms. Accordingly, in this work, we employ the behavior symmetry degree to profile the anomalies and further identify unusual behaviors. We first propose a symmetry degree to identify the incomplete sessions generated by unusual behaviors; we then employ a sketch to calculate the symmetry degree of internal hosts to improve the identification efficiency for online applications. To reduce the memory cost and probability of collision, we divide the IP addresses into four segments that can be used as keys of the hash functions in the sketch. Moreover, to further improve detection accuracy, a threshold selection method is proposed for dynamic traffic pattern analysis. The hash functions in the sketch are then designed using Chinese remainder theory, which can analytically trace the IP addresses associated with the anomalies. We tested the proposed techniques based on traffic data collected from the northwest center of CERNET (China Education and Research Network); the results show that the proposed methods can effectively detect anomalies in large-scale networks.


Qin, T., Liu, Z., Wang, P., Li, S., Guan, X., & Gao, L. (2019). Symmetry degree measurement and its applications to anomaly detection. IEEE Transactions on Information Forensics and Security, 15, 1040-1055.

Journal Article Type: Article
Acceptance Date: May 1, 2019
Online Publication Date: Aug 7, 2019
Publication Date: Aug 7, 2019
Deposit Date: May 2, 2019
Publicly Available Date: Sep 8, 2019
Journal: IEEE Transactions on Information Forensics and Security
Print ISSN: 1556-6013
Electronic ISSN: 1556-6021
Publisher: Institute of Electrical and Electronics Engineers
Peer Reviewed: Peer Reviewed
Volume: 15
Pages: 1040-1055
Keywords: IP networks, Anomaly detection, Hash functions, Security, Monitoring, Feature extraction, Computational modeling, smart attacks, behavior patterns, symmetry degree, degree sketch, anomaly tracing


Symmetry.pdf (1.4 Mb)


Copyright Statement
© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.