Abstract

Network anomaly detection and classification is an important open issue in network security. Several approaches and systems based on different mathematical tools have been studied and developed. Among them is the Anomaly-Network Intrusion Detection System (A-NIDS), which monitors network traffic and compares it against an established baseline of "normal" traffic profile. It is therefore necessary to characterize "normal" Internet traffic. This paper presents an approach for anomaly detection and classification based on the entropy of selected features (including Shannon, Renyi and Tsallis entropies) and on the construction of regions from entropy data, employing the Mahalanobis distance (MD) and One Class Support Vector Machine (OC-SVM) with different kernels (RBF and Mahalanobis), for normal and abnormal traffic. Regular and non-regular regions built from "normal" traffic profiles allow anomaly detection, whilst classification is performed under the assumption that the regions corresponding to the attack classes have been characterized previously. Although this approach allows the use of as many features as required, only four well-known significant features were selected in our case. To evaluate our approach, two different data sets were used: one set of real traffic obtained from an academic LAN, and a subset of the 1998 MIT-DARPA set. The selected feature sets computed in our experiments provide detection rates up to 99.98% with "normal" traffic and up to 99.05% with anomalous traffic, and a false alarm rate of 0.019%. Experimental results show that certain values of the q parameter of the generalized entropies and the use of OC-SVM improve the detection rate of some attack classes, due to a better fit of the region to the data. In addition, our results show that MD achieves high detection rates with an efficient computation time, while OC-SVM achieved slightly more precise detection rates at a higher computational cost.
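The entropy-plus-Mahalanobis part of the approach, sketched as an added example (not code from the paper). Assumptions: two features, source address and destination port, stand in for the paper's four features, which the abstract does not name; the region boundary is the largest distance seen in training; all traffic is constructed.

```python
import math, random
from collections import Counter

def probs(values):
    n = len(values)
    return [c / n for c in Counter(values).values()]

def shannon(p):
    return -sum(x * math.log2(x) for x in p)

def renyi(p, q):    # generalized entropy, q > 0 and q != 1
    return math.log2(sum(x ** q for x in p)) / (1 - q)

def tsallis(p, q):  # generalized entropy, q != 1
    return (1 - sum(x ** q for x in p)) / (q - 1)

def features(window, entropy=shannon):
    # one window of (src_ip, dst_port) packets -> one 2-D entropy point
    srcs, ports = zip(*window)
    return entropy(probs(srcs)), entropy(probs(ports))

def mahalanobis(pt, region):
    dx, dy = pt[0] - region["mean"][0], pt[1] - region["mean"][1]
    a, b, c = region["inv"]  # symmetric 2x2 inverse covariance
    return math.sqrt(a * dx * dx + 2 * b * dx * dy + c * dy * dy)

def fit_region(points):
    n = len(points)
    mx = sum(x for x, _ in points) / n
    my = sum(y for _, y in points) / n
    sxx = sum((x - mx) ** 2 for x, _ in points) / (n - 1)
    syy = sum((y - my) ** 2 for _, y in points) / (n - 1)
    sxy = sum((x - mx) * (y - my) for x, y in points) / (n - 1)
    det = sxx * syy - sxy ** 2
    region = {"mean": (mx, my), "inv": (syy / det, -sxy / det, sxx / det)}
    # assumption: the region boundary is the largest distance seen in training
    region["limit"] = max(mahalanobis(p, region) for p in points)
    return region

# Constructed sample traffic (not real captures)
rng = random.Random(7)
HOSTS = [f"10.0.0.{i}" for i in range(1, 21)]
def normal_window(size=200):
    return [(rng.choice(HOSTS), rng.choices([80, 443, 53, 22], [50, 30, 15, 5])[0]) for _ in range(size)]

NORMAL = [features(normal_window()) for _ in range(20)]
REGION = fit_region(NORMAL)
# half normal traffic, half one host touching 100 distinct ports
SCAN = normal_window(100) + [("10.0.0.99", p) for p in range(1000, 1100)]

def is_anomalous(window, region=REGION):
    return mahalanobis(features(window), region) > region["limit"]
```

Passing `entropy=lambda p: tsallis(p, q)` or `renyi(p, q)` to `features` swaps in a generalized entropy, which is where the q parameter mentioned in the abstract enters.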
