Anomaly Detection of Network Traffic Based on Flow Time Influence Domain

doi:10.12068/j.issn.1005-3026.2019.01.006

Journal of Northeastern University Natural Science ›› 2019, Vol. 40 ›› Issue (1): 26-31.DOI: 10.12068/j.issn.1005-3026.2019.01.006

• Information & Control • Previous Articles Next Articles

Anomaly Detection of Network Traffic Based on Flow Time Influence Domain

XU Jiu-qiang， ZHOU Yang-yang， WANG Jin-fa， ZHAO Hai

School of Computer Science & Engineering， Northeastern University， Shenyang 110169， China.

Received:2017-10-18 Revised:2017-10-18 Online:2019-01-15 Published:2019-01-28
Contact: WANG Jin-fa
About author:-
Supported by:
-

Abstract

Abstract: Aiming at improving the accuracy rate of anomaly network traffic detection， a network traffic detection model was proposed based on the time influence domain(TID)of network flow. By analyzing the changes of average degree of traffic network model under the normal and abnormal conditions， an anomaly detection algorithm of network traffic based on the average degree metric of complex network was developed to detect the abnormal traffic. Experimental results show that based on the flow time influence domain， the anomaly detection model of traffic network can reasonably describe the inter-dependency relationship between network traffic. The proposed method has a better detection performance， meanwhile only three network features， i.e. timestamp， source IP and destination IP， are needed to implement the above model. Detection efficiency is better than other methods. The method proposed meets most network types and has a better ubiquity.

Key words: network traffic, anomaly detection, flow time influence domain, traffic network model, network average degree

CLC Number:

TP393

XU Jiu-qiang， ZHOU Yang-yang， WANG Jin-fa， ZHAO Hai. Anomaly Detection of Network Traffic Based on Flow Time Influence Domain[J]. Journal of Northeastern University Natural Science, 2019, 40(1): 26-31.

References

[1]程艳云，张守超，杨杨.基于大数据的时间序列异常点检测研究［J］.计算机技术与发展，2016，26(5):139-144.(Cheng Yan-yun，Zhang Shou-chao，Yang Yang.Research on time series outlier detection based on big data.［J］.Computer Technology and Development，2016，26(5):139-144.)
[2]赵海，张娅，何璇，等.基于时空影响域的地震网络动力学演化特征分析［J］.东北大学学报(自然科学版)，2015，36(9):1232-1236.(Zhao Hai，Zhang Ya，He Xuan，et al.Dynamic evolution analysis of earthquake network based on the time-space influence domain［J］.Journal of Northeastern University(Natural Science)，2015，36(9):1232-1236.)
[3]贺涛.基于网络数据流依赖关系的拟阵构造［D］.上海:复旦大学，2009.(He Tao.Matroid contruction based on data streams dependent relationship in network［D］.Shanghai:Fudan University，2009.)
[4]程光，龚俭，丁伟.基于抽样测量的高速网络实时异常检测模型［J］.软件学报，2003，14(3):594-599.(Cheng Guang，Gong Jian，Ding Wei.A real-time anomaly detection model based on sampling measurement in a high-speed network［J］.Journal of Software，2003，14(3):594-599.)
[5]Grill M，Stiborek J，Zunino A.An empirical comparison of botnet detection methods［J］.Computers & Security，2014，45:100-123.
[6]Akoglu L，Tong H，Koutra D.Graph based anomaly detection and description:a survey［J］.Data Mining & Knowledge Discovery，2014，29(3):626-688.
[7]Oz L E，Eilertson E，Lazarevic A，et al.MINDS-minnesota intrusion detection system［J］.Cd Technology，2007，31(5):151-153.
[8]Ahmed M，Mahmood A N，Hu J.A survey of network anomaly detection techniques［J］.Journal of Network & Computer Applications，2016，60:19-31.
[9]Sridharan N A，Ye T，Bhattacharyya N S.Connectionless port scan detection on the backbone［C］// IEEE International Performance Computing and Communications Conference.Phoenix，2006:567-576.
[10]Tavallaee M，Stakhanova N，Ghorbani A A.Toward credible evaluation of anomaly-based intrusion-detection methods［J］.IEEE Transactions on Systems Man & Cybernetics:Part C，2010，40(5):516-524.
[11]Xu K，Zhang Z L，Bhattacharyya S.Profiling internet backbone traffic:behavior models and applications［J］.ACM SIGCOMM Computer Communication Review，2005，35(4):169-180.
[12]Barbara D，Wu N，Jajodia S.Detecting novel network intrusions using bayes［C］// Siam Conference on Data Mining.Philadelphia，2001:308-317.
[13]Sengar H，Wang X，Wang H，et al.Online detection of network traffic anomalies using behavioral distance［C］// International Workshop on Quality of Service.Charleston:IEEE，2009:1-9.
[14]Hua L，Joe H.Strength of tail dependence based on conditional tail expectation［J］.Journal of Multivariate Analysis， 2014，123(1):143-159.(上接第5页)
[13]Hesse W，Moller E，Arnold M，et al.The use of time-variant EEG Granger causality for inspecting directed interdependencies of neural assemblies ［J］.Journal of Neuroscience Methods，2003，124(1):27-44.
[14]Afshari S，Jalili M.Directed functional networks in alzheimer’s disease:disruption of Glabal and local connectivity measuers ［J］.IEEE Journal of Biomedical and Health Informatics，2016，21(4):949-955.
[15]Rubinov M，Sporns O.Complex network measures of brain connectivity:uses and interpretations ［J］.NeuroImage，2009，52(3):1059-1069.
[16]Huang D，Ren A，Shang J，et al.Combining partial directed coherence and graph theory to analyse effective brain networks of different mental tasks ［J］. Frontiers in Human Neuroscience，2016，10(5):1-11.
[17]黄璐，王宏.基于约束独立分量分析的脑电特征提取［J］.东北大学学报(自然科学版)，2014，35(3):419-423.(Huang Lu，Wang Hong.EEG feature extraction based on constrained ICA［J］.Journal of Northeastern University(Natural Science)，2014，35(3):419-423.)

Anomaly Detection of Network Traffic Based on Flow Time Influence Domain

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 2

Recommended Articles

Metrics

Comments

[1]	ZHAO Hai， ZHENG Chun-yang， WANG Jin-fa， SI Shuai-zong. Network Anomaly Detection Method for Intentional Attack [J]. Journal of Northeastern University Natural Science, 2020, 41(10): 1376-1381.
[2]	HAN Ying， JING Yuan-wei， JIN Jian-yu， LI Kun. Network Traffic Short-Term Prediction Based on Echo State Network Optimized by Improved Black Hole Algorithm [J]. Journal of Northeastern University Natural Science, 2018, 39(3): 311-315.