Anomaly Extraction in Networks

International Journal of Computer Trends and Technology (IJCTT)          
 
© 2014 by IJCTT Journal
Volume-9 Number-6                          
Year of Publication : 2014
Authors : Mr. Naushad Mujawar, Mr. Sohan Patil, Mr. Amit Kanase, Mr. Ravindra Jagadale, Prof. Gajanan Arsalwad
DOI : 10.14445/22312803/IJCTT-V9P160

MLA

Mr. Naushad Mujawar, Mr. Sohan Patil, Mr. Amit Kanase, Mr. Ravindra Jagadale, Prof. Gajanan Arsalwad. "Anomaly Extraction in Networks". International Journal of Computer Trends and Technology (IJCTT) V9(6):327-330, March 2014. ISSN:2231-2803. www.ijcttjournal.org. Published by Seventh Sense Research Group.

Abstract -
The application detects anomalies in network traffic using techniques such as histogram cloning, voting, and filtering. To extract anomalous flows, one could build a model describing normal flow characteristics and use the model to identify deviating flows. Flows of packets on the network can be compared with previous flows to find, for example, new flows that were not previously observed or flows with a significant increase or decrease in their volume. The approach identifies anomalous flows by combining and consolidating information from multiple histogram-based anomaly detectors [1] [4] [8]. Compared to other possible approaches. The histogram-based detector (i) applies histogram cloning [1][4], i.e., maintains multiple randomized histograms to obtain additional views of network traffic [3]; and (ii) uses the Kullback-Leibler (KL) distance to detect anomalies.
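A sketch of the detector the abstract describes, added here as an illustration and not taken from the paper: several randomized histogram clones of one flow feature, a KL distance per clone against the previous interval, and a vote across clones. The hash-based binning, the `eps` smoothing, the thresholds, the "largest KL term" bin selection and the destination-port sample data are all assumptions made for this example.

```python
import hashlib
import math
from collections import Counter

def bin_of(value, seed, bins):
    """Seeded hash: each clone (seed) maps feature values to bins differently."""
    digest = hashlib.sha256(f"{seed}:{value}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % bins

def histogram(values, seed, bins):
    counts = [0] * bins
    for v in values:
        counts[bin_of(v, seed, bins)] += 1
    return counts

def kl_terms(cur, ref, eps=1e-9):
    """Per-bin terms of KL(cur || ref); eps smoothing (assumption) avoids log(0)."""
    n_cur, n_ref = sum(cur) + eps * len(cur), sum(ref) + eps * len(ref)
    terms = []
    for c, r in zip(cur, ref):
        p, q = (c + eps) / n_cur, (r + eps) / n_ref
        terms.append(p * math.log(p / q))
    return terms

def extract(prev_values, cur_values, clones=5, bins=64, threshold=0.1, min_votes=3):
    """Return (alarming_clones, suspects): values voted anomalous by >= min_votes clones."""
    votes, alarming = Counter(), 0
    for seed in range(clones):
        terms = kl_terms(histogram(cur_values, seed, bins),
                         histogram(prev_values, seed, bins))
        if sum(terms) <= threshold:
            continue                      # this clone sees no anomaly
        alarming += 1
        worst = terms.index(max(terms))   # bin contributing most to the distance
        votes.update(v for v in set(cur_values) if bin_of(v, seed, bins) == worst)
    return alarming, sorted(v for v, n in votes.items() if n >= min_votes)

# Constructed sample: destination ports of flows in two measurement intervals.
BASELINE = [80] * 400 + [443] * 400 + [53] * 150 + [22] * 50
QUIET = [80] * 410 + [443] * 390 + [53] * 145 + [22] * 55
BURST = BASELINE + [9999] * 1500          # port not observed in the previous interval

if __name__ == "__main__":
    print(extract(BASELINE, QUIET))
    print(extract(BASELINE, BURST))
```

Because each clone hashes values into bins differently, a normal port that happens to share a bin with the anomalous one in a single clone rarely collects enough votes to be reported.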

References
[1] D. Brauckhoff, X. Dimitropoulos, A. Wagner, and K. Salamatian, “Anomaly extraction in backbone networks using association rules,” in IMC’09, November 2009.
[2] D. Brauckhoff, M. May, and K. Salamatian, “Applying PCA for Traffic Anomaly Detection: Problems and Solutions,” in IEEE INFOCOM Mini Conference, 2009.
[3] A. Kind, M. P. Stoecklin, and X. Dimitropoulos, “Histogram-based traffic anomaly detection,” IEEE Transactions on Network and Service Management, vol. to appear, 2009.
[4] K. H. Ramah, K. Salamatian, and F. Kamoun, “Scan surveillance in internet networks,” in Networking, 2009, pp. 614–625.
[5] V. Chandola and V. Kumar, “Summarization - compressing data into an informative representation,” Knowl. Inf. Syst., vol. 12, pp. 355–378, 2007.
[6] G. Cormode and S. Muthukrishnan, “An improved data stream summary: The count-min sketch and its applications,” J. Algorithms, vol. 55, no. 1, pp. 58–75, 2005.
[7] X. Li, F. Bian, M. Crovella, C. Diot, R. Govindan, G. Iannaccone, and A. Lakhina, “Detection and identification of network anomalies using sketch subspaces,” in IMC ’06: Proceedings of the 6th ACM SIGCOMM conference on Internet measurement. New York, NY, USA: ACM, 2006, pp. 147–152.
[8] M. P. Stoecklin, J.-Y. L. Boudec, and A. Kind, “A two-layered anomaly detection technique based on multi-modal flow behavior models,” in PAM: Proceedings of 9th International Conference on Passive and Active Measurement, ser. Lecture Notes in Computer Science. Springer, 2008, pp. 212–221.

Keywords
Anomaly extraction, Apriori Algorithm, Association rules, Flow pre-filtering, Histogram cloning [1], voting.