Abstract

Network anomaly detection is an effective way of analysing and detecting malicious attacks. However, typical anomaly detection techniques do not perform as well in the controlled network as they do in the general network. In the controlled network, detection performance is lowered by the special characteristics of its traffic, including stronger regularity, higher dimensionality and subtler fluctuation. Motivated by this, the study proposes a novel classifier framework based on cross entropy and support vector machine (SVM). The technique first extracts the representative traffic characteristics from the network traffic and defines a 7-tuple feature vector for the controlled network by extending the traditional 5-tuple representation of the usual network. Then the probability distributions and cross entropies of the 7 tuples are calculated over the defined statistical window to generate the 7-tuple cross-entropy feature vector, which profiles the traffic fluctuation in the controlled network. Finally, the multi-class SVM classifier is trained on the 7-tuple cross-entropy feature vectors. Experimental results show that the proposed classifier achieves higher detection rates and is better suited to the controlled network than the typical detection techniques.

Highlights

  • With the widespread use of the Internet, the potential risks due to the network attacks have become an urgent issue to be solved as soon as possible

  • In comparison to the above three techniques, the classifier based on cross entropy and support vector machine (SVM) shows the best performance because the cross-entropy feature vector can reflect the traffic variation in a more apparent way and the SVM classifier outperforms the others when classifying small-size, high-dimensionality and linearly nonseparable samples in the controlled network

  • Because of the high dimensionality and subtle fluctuation of the traffic in the controlled network, the typical anomaly detection techniques cannot discover the subtle variations in the traffic and detect the anomalies effectively


Summary

Introduction

With the widespread use of the Internet, the potential risks due to network attacks have become an urgent issue to be solved as soon as possible. In order to solve the aforementioned problems, the paper proposes a novel detection technique by introducing cross entropy and support vector machine (SVM), because the metric of cross entropy can reflect the variation of the traffic characteristics more obviously [12] and the SVM classifier can classify small-size, high-dimensionality and linearly non-separable samples effectively [13]. Following this line of thinking, we build a 7-tuple feature vector for profiling the controlled-network traffic, calculate the corresponding cross-entropy feature vector, and input it to the multi-class SVM classifier to detect the anomalous traffic in the controlled network. This paper is organised as follows: Section 2 analyses the motivation for the proposed approach, Section 3 describes the related work, Section 4 gives some main notations and necessary preliminaries, Section 5 defines the classifier model, Section 6 describes the classifier framework, Section 7 describes the classifying process, Section 8 evaluates the proposed approach by conducting comprehensive experiments, and Section 9 concludes the paper.
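The cross-entropy feature step described above can be sketched as follows; this is an added example, not code from the paper. It assumes the two fields that extend the 5-tuple are placeholders named `extra_1` and `extra_2` (the page does not name them), that cross entropy is taken between the current window and a reference window, and that Laplace smoothing is used; the flow records are constructed. Vectors like these would be the input to the multi-class SVM.

```python
import math
from collections import Counter

# Classic 5-tuple plus two placeholder fields (assumed names, not from the paper).
FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port", "proto",
          "extra_1", "extra_2")

def distribution(window, field, support, alpha=1.0):
    """Laplace-smoothed probability of each value of `field` in one window."""
    counts = Counter(rec[field] for rec in window)
    total = len(window) + alpha * len(support)
    return {v: (counts[v] + alpha) / total for v in support}

def cross_entropy_vector(reference, current):
    """One value per field: H(p, q) = -sum_x p(x) * log2 q(x), where p is the
    current window's distribution and q the reference window's (assumed)."""
    vec = []
    for field in FIELDS:
        # Shared support so that q(x) > 0 for values unseen in the reference.
        support = sorted({r[field] for r in reference} |
                         {r[field] for r in current})
        p = distribution(current, field, support)
        q = distribution(reference, field, support)
        vec.append(-sum(p[v] * math.log2(q[v]) for v in support))
    return vec

def make_flow(src, dst, sport, dport, proto="tcp", e1="a", e2="x"):
    return dict(zip(FIELDS, (src, dst, sport, dport, proto, e1, e2)))

# Constructed windows: regular traffic from four hosts, and a window in which
# one new host contacts many destination ports.
REFERENCE = [make_flow("10.0.0.%d" % (i % 4), "10.0.1.1", 40000 + i % 4, 8080)
             for i in range(40)]
NORMAL = [make_flow("10.0.0.%d" % (i % 4), "10.0.1.1", 40000 + i % 4, 8080)
          for i in range(40)]
ANOMALOUS = [make_flow("10.0.0.9", "10.0.1.1", 40000, 1000 + i)
             for i in range(40)]

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("anomalous", ANOMALOUS)):
        vec = cross_entropy_vector(REFERENCE, window)
        print(name, [round(x, 3) for x in vec])
```

When the current window matches the reference, each component equals the ordinary entropy of that field; the destination-port and source-address components rise sharply for the anomalous window.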

Motivation
Related work
Notations
Classifier model
Classifier framework
Data pre-processing
Classification process based on cross entropy and SVM
Dataset
Evaluation criterion
Conclusion