Abstract
The ability to detect anomalous network traffic, even when it differs only slightly from normal traffic, is an important aspect of the early detection of cyber attacks. Processes for monitoring and analyzing network data should not only classify the network's status accurately, but also detect early symptoms of unusual activity in the network. This leads to a better understanding of suspicious actions and enables prevention actions to be triggered.
In this paper, we propose a system that uses multiple classifiers together with elements of evidence theory to identify anomalous network traffic and to detect any deviation from normal network behaviour. Each classification result is accompanied by a confidence level. The individual classifiers are constructed with different machine learning techniques from data collected with network monitoring software developed for this purpose. The data includes multiple features that together provide a comprehensive view of the network traffic. The results of evaluating a system that implements the proposed approach are discussed.
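The abstract describes fusing the verdicts of several classifiers through evidence theory so that each classification comes with a confidence level. In the Dempster-Shafer framework (Shafer, 1976) the standard way to do this is Dempster's rule of combination. The following Python block is an added illustration of that rule on a two-class frame {normal, anomalous}; it is not the authors' code, and the classifier outputs, the per-classifier reliability discount and the belief/plausibility interval used as the confidence level are assumptions made here for the example.

```python
"""Dempster-Shafer fusion of several classifiers' verdicts on one traffic sample.

Added example; the classifier outputs and reliability factors below are constructed.
"""
from itertools import product

# Frame of discernment: the two mutually exclusive hypotheses about a flow.
FRAME = frozenset({"normal", "anomalous"})
ANOMALOUS = frozenset({"anomalous"})
NORMAL = frozenset({"normal"})


def mass_from_classifier(p_anomalous, reliability):
    """Turn a classifier's P(anomalous) into a mass function, discounted by reliability.

    A classifier we trust less (reliability < 1) has part of its mass moved to the
    whole frame, i.e. to ignorance, instead of to either specific label.
    """
    if not 0.0 <= p_anomalous <= 1.0 or not 0.0 <= reliability <= 1.0:
        raise ValueError("probability and reliability must lie in [0, 1]")
    return {
        ANOMALOUS: reliability * p_anomalous,
        NORMAL: reliability * (1.0 - p_anomalous),
        FRAME: 1.0 - reliability,
    }


def combine(m1, m2):
    """Dempster's rule: orthogonal sum of two mass functions, normalised by conflict.

    Returns (combined mass function, conflict K). K is the total mass that the two
    sources assign to disjoint hypotheses; a high K is itself a useful signal that
    the classifiers disagree about this sample.
    """
    combined = {}
    conflict = 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if not inter:
            conflict += ma * mb
        else:
            combined[inter] = combined.get(inter, 0.0) + ma * mb
    if conflict >= 1.0:
        raise ValueError("total conflict: the sources cannot be combined")
    norm = 1.0 - conflict
    return {s: v / norm for s, v in combined.items()}, conflict


def belief(m, hypothesis):
    """Bel(H): mass committed to H and to its subsets (lower bound on support)."""
    return sum(v for s, v in m.items() if s <= hypothesis)


def plausibility(m, hypothesis):
    """Pl(H): mass that does not contradict H (upper bound on support)."""
    return sum(v for s, v in m.items() if s & hypothesis)


def fuse(classifier_outputs):
    """Fuse (P(anomalous), reliability) pairs from several classifiers.

    Starts from the vacuous mass function (total ignorance) and folds in each
    classifier. The decision is the label with the larger belief, and the
    [Bel, Pl] interval on 'anomalous' serves as the confidence level.
    """
    m = {FRAME: 1.0}
    max_conflict = 0.0
    for p_anomalous, reliability in classifier_outputs:
        m, k = combine(m, mass_from_classifier(p_anomalous, reliability))
        max_conflict = max(max_conflict, k)
    bel_anom = belief(m, ANOMALOUS)
    bel_norm = belief(m, NORMAL)
    return {
        "label": "anomalous" if bel_anom > bel_norm else "normal",
        "belief": bel_anom,
        "plausibility": plausibility(m, ANOMALOUS),
        "ignorance": m.get(FRAME, 0.0),
        "max_conflict": max_conflict,
    }


if __name__ == "__main__":
    # Constructed outputs of three classifiers (e.g. a tree, an SVM and a clustering
    # detector) for one flow, with an assumed reliability for each model.
    sample = [(0.8, 0.9), (0.6, 0.7), (0.55, 0.5)]
    print(fuse(sample))
```

The reliability discount is what lets a weak or poorly calibrated detector express "I do not know" rather than vote with full weight; the width of the [Bel, Pl] interval and the recorded conflict are the two quantities an analyst would watch when deciding whether an alert deserves attention.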
© 2018 Springer International Publishing AG
Cite this paper
Mattar, A., Reformat, M.Z. (2018). Detecting Anomalous Network Traffic Using Evidence Theory. In: Kacprzyk, J., Szmidt, E., Zadrożny, S., Atanassov, K., Krawczak, M. (eds) Advances in Fuzzy Logic and Technology 2017. EUSFLAT IWIFSGN 2017 2017. Advances in Intelligent Systems and Computing, vol 642. Springer, Cham. https://doi.org/10.1007/978-3-319-66824-6_43
DOI: https://doi.org/10.1007/978-3-319-66824-6_43
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-66823-9
Online ISBN: 978-3-319-66824-6
eBook Packages: Engineering (R0)