Electronic data

  • WCCI_verReview1

    Rights statement: ©2018 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

    Accepted author manuscript, 679 KB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Automatic detection of computer network traffic anomalies based on eccentricity analysis

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Published

Standard

Automatic detection of computer network traffic anomalies based on eccentricity analysis. / Martins, Rodrigo Siqueira; Angelov, Plamen; Costa, Bruno Sielly Jales.

2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2018. 8491507.

Harvard

Martins, RS, Angelov, P & Costa, BSJ 2018, Automatic detection of computer network traffic anomalies based on eccentricity analysis. in 2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018 - Proceedings., 8491507, Institute of Electrical and Electronics Engineers Inc., 2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018, Rio de Janeiro, Brazil, 8/07/18. https://doi.org/10.1109/FUZZ-IEEE.2018.8491507

APA

Martins, R. S., Angelov, P., & Costa, B. S. J. (2018). Automatic detection of computer network traffic anomalies based on eccentricity analysis. In 2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018 - Proceedings [8491507] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/FUZZ-IEEE.2018.8491507

Vancouver

Martins RS, Angelov P, Costa BSJ. Automatic detection of computer network traffic anomalies based on eccentricity analysis. In 2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2018. 8491507 doi: 10.1109/FUZZ-IEEE.2018.8491507

Author

Martins, Rodrigo Siqueira ; Angelov, Plamen ; Costa, Bruno Sielly Jales. / Automatic detection of computer network traffic anomalies based on eccentricity analysis. 2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2018.

Bibtex

@inproceedings{814bc19a3e9d4358bb3cc3bbc9190da7,
title = "Automatic detection of computer network traffic anomalies based on eccentricity analysis",
abstract = "In this paper, we propose an approach to automatic detection of attacks on computer networks using data that combine the traffic generated with 'live' intra-cloud virtual-machine (VM) migration. The method used in this work is the recently introduced typicality and eccentricity data analytics (TEDA) framework. We compare the results of applying TEDA with the traditionally used methods such as statistical analysis, such as k-means clustering. One of the biggest challenges in computer network analysis using statistical or numerical methods is the fact that the protocols information is composed of integer/string values and, thus, not easy to handle by traditional pattern recognition methods that deal with real values. In this study we consider as features the tuple {IP source, IP destination, Port source and Port destination} extracted from the network flow data in addition to the traditionally used real values that represent the number of packets per time or quantity of bytes per time. Using entropy of the IP data helps to convert the integer raw data into real valued signatures. The proposed solution permits building a real-time anomaly detection system and reduces the amount of information that is necessary for evaluation. In general, the systems based on traffic are fast and are used in real time but they do not produce good results in attacks that produce a flow hidden within the background traffic or within a high traffic that is produced by other applications. We validate our approach on a dataset which includes attacks on the network port scan (NPS) and network scan (NS) that permit hidden flow within the normal traffic and see these attacks together with live migration which produces a higher traffic flow.",
keywords = "Anomaly detection, Computer networks, Eccentricity, Live migration, Real time, TEDA, Typicality",
author = "Martins, {Rodrigo Siqueira} and Plamen Angelov and Costa, {Bruno Sielly Jales}",
note = "{\textcopyright}2018 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.; 2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018 ; Conference date: 08-07-2018 Through 13-07-2018",
year = "2018",
month = oct,
day = "15",
doi = "10.1109/FUZZ-IEEE.2018.8491507",
language = "English",
booktitle = "2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018 - Proceedings",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

RIS

TY - GEN

T1 - Automatic detection of computer network traffic anomalies based on eccentricity analysis

AU - Martins, Rodrigo Siqueira

AU - Angelov, Plamen

AU - Costa, Bruno Sielly Jales

N1 - ©2018 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

PY - 2018/10/15

Y1 - 2018/10/15

AB - In this paper, we propose an approach to automatic detection of attacks on computer networks using data that combine the traffic generated with 'live' intra-cloud virtual-machine (VM) migration. The method used in this work is the recently introduced typicality and eccentricity data analytics (TEDA) framework. We compare the results of applying TEDA with the traditionally used methods such as statistical analysis, such as k-means clustering. One of the biggest challenges in computer network analysis using statistical or numerical methods is the fact that the protocols information is composed of integer/string values and, thus, not easy to handle by traditional pattern recognition methods that deal with real values. In this study we consider as features the tuple {IP source, IP destination, Port source and Port destination} extracted from the network flow data in addition to the traditionally used real values that represent the number of packets per time or quantity of bytes per time. Using entropy of the IP data helps to convert the integer raw data into real valued signatures. The proposed solution permits building a real-time anomaly detection system and reduces the amount of information that is necessary for evaluation. In general, the systems based on traffic are fast and are used in real time but they do not produce good results in attacks that produce a flow hidden within the background traffic or within a high traffic that is produced by other applications. We validate our approach on a dataset which includes attacks on the network port scan (NPS) and network scan (NS) that permit hidden flow within the normal traffic and see these attacks together with live migration which produces a higher traffic flow.

KW - Anomaly detection

KW - Computer networks

KW - Eccentricity

KW - Live migration

KW - Real time

KW - TEDA

KW - Typicality

U2 - 10.1109/FUZZ-IEEE.2018.8491507

DO - 10.1109/FUZZ-IEEE.2018.8491507

M3 - Conference contribution/Paper

AN - SCOPUS:85060455342

BT - 2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2018 IEEE International Conference on Fuzzy Systems, FUZZ 2018

Y2 - 8 July 2018 through 13 July 2018

ER -