Abstract
AbstractInternet users and computer networks constantly suffer from increasing number of cyberattacks. During the process of seeking how to reduce the risk and possible consequences of the attacks, it is very important to identify the attacks at the initial stage of their realization. For this purpose, the anomaly detection systems, a subset of intrusion detection systems, can be applied. The main advantage of anomaly‐based systems is the ability to detect unknown attacks. We propose a novel approach to detect the network flow anomalies. The method relies on aggregated network flow metrics and is based on local outlier factor algorithm, which evaluates each event's uniqueness on the basis of distance from the k‐nearest neighbours. In our research, 15 different groups of features (a total of 74 features) were suggested to detect anomalous network flows. According to experimental results, the best groups of features were identified with the highest values of precision, recall and F‐measure. Copyright © 2015 John Wiley & Sons, Ltd.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
