Skip to Main content Skip to Navigation
Journal articles

Online and Scalable Unsupervised Network Anomaly Detection Method

Juliette Dromard 1, * Gilles Roudiere 1 Philippe Owezarski 1
* Corresponding author
1 LAAS-SARA - Équipe Services et Architectures pour Réseaux Avancés
LAAS - Laboratoire d'analyse et d'architecture des systèmes
Abstract : Nowadays, network intrusion detectors mainly rely on knowledge databases to detect suspicious traffic. These databases have to be continuously updated which requires impor- tant human resources and time. Unsupervised network anomaly detectors overcome this issue by using “intelligent” techniques to identify anomalies without any prior knowledge. However, these systems are often very complex as they need to explore the network traffic to identify flows patterns. Therefore, they are often unable to meet real-time requirements. In this paper, we present a new Online and Real-time Unsupervised Network Anomaly Detection Algorithm: ORUNADA. Our solution relies on a discrete time-sliding window to update continuously the fea- ture space and an incremental grid clustering to detect rapidly the anomalies. The evaluations showed that ORUNADA can process online large network traffic while ensuring a low detection delay and good detection performance. The experiments performed on the traffic of a core network of a Spanish intermediate Internet service provider demonstrated that ORUNADA detects in less than half a second an anomaly after its occurrence. Furthermore, the results highlight that our solution outperforms in terms
Complete list of metadata

Cited literature [27 references]  Display  Hide  Download
Contributor : Juliette Dromard <>
Submitted on : Monday, July 3, 2017 - 4:23:50 PM
Last modification on : Thursday, June 10, 2021 - 3:01:19 AM
Long-term archiving on: : Thursday, December 14, 2017 - 3:29:20 PM


Files produced by the author(s)



Juliette Dromard, Gilles Roudiere, Philippe Owezarski. Online and Scalable Unsupervised Network Anomaly Detection Method. IEEE Transactions on Network and Service Management, IEEE, 2017, 14 (1), pp.34-47. ⟨10.1109/TNSM.2016.2627340⟩. ⟨hal-01406273⟩



Record views


Files downloads