Online and Scalable Unsupervised Network Anomaly Detection Method

Juliette Dromard 1, * Gilles Roudiere 1 Philippe Owezarski 1
* Corresponding author
1 LAAS-SARA - Équipe Services et Architectures pour Réseaux Avancés
LAAS - Laboratoire d'analyse et d'architecture des systèmes [Toulouse]
Abstract: Nowadays, network intrusion detectors mainly rely on knowledge databases to detect suspicious traffic. These databases have to be continuously updated, which requires important human resources and time. Unsupervised network anomaly detectors overcome this issue by using “intelligent” techniques to identify anomalies without any prior knowledge. However, these systems are often very complex, as they need to explore the network traffic to identify flow patterns. Therefore, they are often unable to meet real-time requirements. In this paper, we present a new Online and Real-time Unsupervised Network Anomaly Detection Algorithm: ORUNADA. Our solution relies on a discrete time-sliding window to continuously update the feature space and on incremental grid clustering to rapidly detect anomalies. The evaluations showed that ORUNADA can process large network traffic online while ensuring a low detection delay and good detection performance. The experiments performed on the traffic of a core network of a Spanish intermediate Internet service provider demonstrated that ORUNADA detects an anomaly less than half a second after its occurrence. Furthermore, the results highlight that our solution outperforms in terms
Cited literature [31 references]

https://hal.laas.fr/hal-01406273
Contributor: Juliette Dromard
Submitted on: Monday, 3 July 2017 - 16:23:50
Last modified on: Friday, 20 April 2018 - 13:40:02
Document(s) archived on: Thursday, 14 December 2017 - 15:29:20

File

ORUNADA_Final_version.pdf
Files produced by the author(s)

Citation

Juliette Dromard, Gilles Roudiere, Philippe Owezarski. Online and Scalable Unsupervised Network Anomaly Detection Method. IEEE Transactions on Network and Service Management, IEEE, 2017, 14 (1), pp.34-47. 〈http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7740019&isnumber=5699970〉. 〈10.1109/TNSM.2016.2627340〉. 〈hal-01406273〉

Metrics

Record views

142

File downloads

357