Survey of Cloud Traffic Anomaly Detection Algorithms

  • Conference paper
Information and Software Technologies (ICIST 2022)

Abstract

Widespread use of cloud computing resources calls for reliable network connections, while anomalies in network traffic negatively impact the availability of cloud resources. Anomaly detection tools are essential for identifying and forecasting these network anomalies. In recent years, machine learning methods have been gaining popularity in implementations of anomaly detection tools. Given the variety of network anomaly types and the availability of diverse machine learning algorithms, developers of anomaly detection software and administrators of cloud infrastructures are presented with a wide range of possible solutions.

This article presents a survey of the most popular machine learning methods that are applicable to detecting anomalies in cloud networks. In order to classify and compare these methods, six major criteria (training approach, training time, preferred areas of application, discovery of unprecedented anomalies, the dataset’s influence on anomaly prediction, and the problem of vanishing or exploding gradients) are identified and discussed in detail, together with their implications for the evaluated methods. Subsequently, the criteria are used to review the features of the main machine learning methods for anomaly detection and to provide insights about using the methods to identify abnormal network behavior.

The last part of the study lists the examined machine learning methods and appropriate tools for anomaly monitoring and detection. The provided lists are then used to draw final conclusions with recommendations for employing the aforementioned algorithms and tools in various cases of anomaly detection.

Corresponding author

Correspondence to Gytis Vilutis.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Paulikas, G., Sandonavičius, D., Stasiukaitis, E., Vilutis, G., Vaitkunas, M. (2022). Survey of Cloud Traffic Anomaly Detection Algorithms. In: Lopata, A., Gudonienė, D., Butkienė, R. (eds) Information and Software Technologies. ICIST 2022. Communications in Computer and Information Science, vol 1665. Springer, Cham. https://doi.org/10.1007/978-3-031-16302-9_2

  • DOI: https://doi.org/10.1007/978-3-031-16302-9_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-16301-2

  • Online ISBN: 978-3-031-16302-9

  • eBook Packages: Computer Science (R0)
