
Proceedings of the 18th Conference on Computer Science and Intelligence Systems

Annals of Computer Science and Information Systems, Volume 35

Use of traffic sampling in anomaly detection for high-throughput network links


DOI: http://dx.doi.org/10.15439/2023F6381

Citation: Proceedings of the 18th Conference on Computer Science and Intelligence Systems, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 35, pages 877–882


Abstract. Anomaly detection is an increasingly important topic both in research and in production systems. Information about a system malfunction allows precise diagnostic and corrective actions to be taken. Two main approaches, based on statistical analysis and on machine learning techniques, are currently used in anomaly detection systems; both are computationally expensive, especially when dealing with high traffic volumes, which limits their widespread use on operator access links. In this paper, limiting the sampling frequency of network traffic parameters is proposed as a technique for reducing the computational complexity of anomaly detection methods; an alarm raised at this coarse stage can, in turn, trigger subsequent stages of a cascaded security system. The proposed approach has been verified in a real link monitoring system of a medium-sized ISP. The results obtained are promising and can be used to build a production system that enables early warning in the area of security incident detection dedicated to high-speed access links.
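As an added illustration of the idea in the abstract (this is not the paper's own code or detector): a per-second byte-count series for a link is reduced to one aggregated value per sampling window, and a simple rolling z-score detector is run on both the full-rate and the coarse series to compare the number of samples processed and the second at which the first alarm is raised. The traffic series, the burst, the aggregation by window mean and the z-score threshold are all constructed assumptions; the coarse-stage alarm is what would trigger a finer cascade stage.

```python
# Added example: coarse-sampled statistical anomaly detection on a traffic
# parameter series. Not the paper's code; all values below are constructed.
from statistics import mean, pstdev

SECONDS = 120  # length of the constructed per-second series


def constructed_series():
    """Constructed per-second byte counts: ~1000 B/s with a deterministic
    ripple (750..1250), plus a 4x volume burst between t=80 and t=94."""
    series = []
    for t in range(SECONDS):
        value = 1000 + 50 * ((7 * t) % 11 - 5)
        if 80 <= t < 95:
            value *= 4
        series.append(value)
    return series


def downsample(series, factor):
    """Coarse sampling: one value per `factor` seconds (mean of each window).
    This is the step that cuts the detector's input by 1/factor."""
    return [mean(series[i:i + factor]) for i in range(0, len(series), factor)]


def detect(series, window=20, threshold=3.0):
    """Rolling one-sided z-score: flag indices whose value exceeds the mean of
    the preceding `window` samples by more than `threshold` standard deviations."""
    flagged = []
    for i in range(window, len(series)):
        hist = series[i - window:i]
        mu, sigma = mean(hist), pstdev(hist)
        if sigma > 0 and (series[i] - mu) / sigma > threshold:
            flagged.append(i)
    return flagged


def first_alarm(series, factor, window):
    """Run the detector on the series sampled at 1/factor and return
    (samples processed, second of first alarm or None)."""
    coarse = downsample(series, factor)
    hits = detect(coarse, window=window)
    return len(coarse), (hits[0] * factor if hits else None)


if __name__ == "__main__":
    s = constructed_series()
    print("full rate :", first_alarm(s, 1, 20))   # 120 samples, alarm at t=80
    print("1/5 rate  :", first_alarm(s, 5, 8))    # 24 samples, alarm at t=80
```

In this constructed case the coarse detector processes one fifth of the samples and still raises its first alarm in the same second as the full-rate one; with a shorter burst or a larger factor the window mean would dilute the burst, which is the visibility trade-off a sampling factor has to be chosen against.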
