HAL open archive
Conference paper, Year: 2017

Integrating short history for improving clustering based network traffic anomaly detection

Abstract

Traffic anomaly detection is of premier importance for network administrators, as anomalies have a dramatic impact on network performance and on the QoS perceived by users. It is, however, a very time-consuming and costly task that often requires decisions from network and security experts. To make anomaly detection autonomous, many research works have investigated the use of unsupervised machine learning techniques, in most cases traffic clustering. Identifying the clusters that correspond to anomalous traffic classes among the full set of detected clusters still remains a challenge. This is mostly due to the nature of clustering techniques, which work on traffic samples of a given duration, each cluster being classified after an uncertain post-processing stage. In this paper, we show how anomaly detectors can benefit from keeping a temporal track of the clustering results over time. This improvement has been added to ORUNADA (Online Real-time Unsupervised Network Anomaly detection Algorithm), which aimed at providing efficient anomaly detection on high-speed networks. This new ORUNADA version, called H-ORUNADA (for History-ORUNADA), is then evaluated on a new ground truth, called SynthONTS, that is currently being designed to provide a modern and complete dataset with labeled anomalies. H-ORUNADA has also been implemented on Spark Streaming in order to work on very high-speed networks (targeting several hundreds of Gbit/s), and evaluated on the Google Cloud Platform.
Main file: PID4915169.pdf (445.42 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01576752, version 1 (23-08-2017)

Identifiers

  • HAL Id: hal-01576752, version 1

Cite

Juliette Dromard, Philippe Owezarski. Integrating short history for improving clustering based network traffic anomaly detection. International Workshop on Autonomic Systems for Big Data Analytics (ASBDA 2017), Sep 2017, Tucson, United States. 8p. ⟨hal-01576752⟩
177 views
313 downloads
