
NCGs: Building a Trustworthy Environment to Identify Abnormal Events Based on Network Connection Behavior Analysis

Artificial Intelligence and Security (ICAIS 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11635)


Abstract

With the continuous development and wide application of various network technologies, such as mobile, wireless and sensor networks, network services are becoming increasingly high-speed, diversified and complex. Network attacks and infrequent events have also emerged, making network anomaly detection increasingly significant. In order to control and manage networks and establish a credible network environment, it is critical to facilitate accurate analysis of the behavioral characteristics of networks, proactively identify abnormal events associated with network behavior, and improve the capacity to respond to abnormal events. In this paper, we use Network Connection Graphs (NCGs) to model flow activities during network operation. After constructing an NCG in a time-bin, we can extract graph metric features for quantitative or semi-quantitative analysis of flow activities. We can also build a series of NCGs to describe the evolution of network operation. Over this series of NCGs, we conduct dynamic analysis to find outlier points of the graph metric features using the Z-score analysis method, so that we can detect hidden abnormal events. Experimental results based on real network traces demonstrate the effectiveness of our method in network flow behavior analysis and abnormal event identification.
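
An added example, not code from the paper: a minimal sketch of the pipeline the abstract describes (one NCG per time-bin, graph metric features, Z-score outliers over the series). The metric set, the 60-second bin, the 2.0 threshold and all function names are assumptions, and the flow records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_ncgs(flows, bin_seconds):
    """One directed edge set (src, dst) per time-bin, in time order."""
    bins = defaultdict(set)
    for ts, src, dst in flows:
        bins[int(ts // bin_seconds)].add((src, dst))
    return [bins[b] for b in range(min(bins), max(bins) + 1)] if bins else []

def graph_metrics(edges):
    """Graph metric features of one NCG (this metric set is an assumption)."""
    nodes = {n for edge in edges for n in edge}
    out_deg = defaultdict(int)
    for src, _ in edges:
        out_deg[src] += 1
    return {
        "nodes": len(nodes),
        "edges": len(edges),
        "avg_degree": 2 * len(edges) / len(nodes) if nodes else 0.0,
        "max_out_degree": max(out_deg.values(), default=0),
    }

def zscore_outliers(series, threshold):
    """Indices whose |z| exceeds threshold; a constant series has no outliers."""
    mu, sigma = mean(series), pstdev(series)
    if sigma == 0:
        return []
    return [i for i, x in enumerate(series) if abs(x - mu) / sigma > threshold]

def detect(flows, bin_seconds=60, threshold=2.0):
    """Map each metric name to the time-bins where it is a Z-score outlier."""
    metrics = [graph_metrics(g) for g in build_ncgs(flows, bin_seconds)]
    flagged = {}
    for name in (metrics[0] if metrics else ()):
        hits = zscore_outliers([m[name] for m in metrics], threshold)
        if hits:
            flagged[name] = hits
    return flagged

# Constructed sample: 8 one-minute bins of four clients talking to one server;
# in bin 5 a single host also connects to 30 distinct addresses.
SAMPLE_FLOWS = [(b * 60 + i, f"10.0.0.{i}", "10.0.0.100")
                for b in range(8) for i in range(1, 5)]
SAMPLE_FLOWS += [(5 * 60 + 20, "10.0.0.9", f"10.0.1.{j}") for j in range(1, 31)]

if __name__ == "__main__":
    print(detect(SAMPLE_FLOWS))
```

With only eight bins the largest possible |z| is √7 ≈ 2.65, so the threshold has to be chosen with the length of the series in mind.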




Corresponding author

Correspondence to Hangyu Hu.


Copyright information

© 2019 Springer Nature Switzerland AG


Cite this paper

Hu, H., Zhai, X., Wang, M., Hu, G. (2019). NCGs: Building a Trustworthy Environment to Identify Abnormal Events Based on Network Connection Behavior Analysis. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science, vol 11635. Springer, Cham. https://doi.org/10.1007/978-3-030-24268-8_7


  • DOI: https://doi.org/10.1007/978-3-030-24268-8_7


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24267-1

  • Online ISBN: 978-3-030-24268-8

  • eBook Packages: Computer Science (R0)
