Online and Scalable Unsupervised Network Anomaly Detection Method

Juliette Dromard 1, * Gilles Roudière 1 Philippe Owezarski 1
* Corresponding author
1 LAAS-SARA - Équipe Services et Architectures pour Réseaux Avancés
LAAS - Laboratoire d'analyse et d'architecture des systèmes [Toulouse]
Abstract : Nowadays, network intrusion detectors mainly rely on knowledge databases to detect suspicious traffic. These databases have to be continuously updated which requires impor- tant human resources and time. Unsupervised network anomaly detectors overcome this issue by using “intelligent” techniques to identify anomalies without any prior knowledge. However, these systems are often very complex as they need to explore the network traffic to identify flows patterns. Therefore, they are often unable to meet real-time requirements. In this paper, we present a new Online and Real-time Unsupervised Network Anomaly Detection Algorithm: ORUNADA. Our solution relies on a discrete time-sliding window to update continuously the fea- ture space and an incremental grid clustering to detect rapidly the anomalies. The evaluations showed that ORUNADA can process online large network traffic while ensuring a low detection delay and good detection performance. The experiments performed on the traffic of a core network of a Spanish intermediate Internet service provider demonstrated that ORUNADA detects in less than half a second an anomaly after its occurrence. Furthermore, the results highlight that our solution outperforms in terms
Liste complète des métadonnées

Cited literature [31 references]  Display  Hide  Download

https://hal.laas.fr/hal-01406273
Contributor : Juliette Dromard <>
Submitted on : Monday, July 3, 2017 - 4:23:50 PM
Last modification on : Thursday, January 11, 2018 - 6:26:28 AM
Document(s) archivé(s) le : Thursday, December 14, 2017 - 3:29:20 PM

File

ORUNADA_Final_version.pdf
Files produced by the author(s)

Identifiers

Citation

Juliette Dromard, Gilles Roudière, Philippe Owezarski. Online and Scalable Unsupervised Network Anomaly Detection Method. IEEE Transactions on Network and Service Management, IEEE, 2017, 14 (1), pp.34-47. 〈http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7740019&isnumber=5699970〉. 〈10.1109/TNSM.2016.2627340〉. 〈hal-01406273〉

Share

Metrics

Record views

66

Files downloads

156