
Detecting Anomalous Network Traffic Using Evidence Theory

  • Conference paper
  • In: Advances in Fuzzy Logic and Technology 2017 (EUSFLAT 2017, IWIFSGN 2017)

Abstract

The ability to detect anomalous network traffic, even when it differs only slightly from normal traffic, is an important aspect of the early detection of cyber attacks. Monitoring and analysis of network data should not only classify network status accurately, but also detect early symptoms of unusual activity in the network. This leads to a better understanding of suspicious actions and enables preventive actions to be triggered.

In this paper, we propose a system that uses multiple classifiers together with elements of evidence theory to identify anomalous network traffic and detect any deviation from normal network behaviour. The classification results are equipped with confidence levels. The individual classifiers are built with different machine learning techniques on data collected with network monitoring software developed for this work; the data includes multiple features that give a comprehensive view of network traffic. Evaluation results for a system implementing the proposed approach are discussed.
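As an added illustration, not code from the paper and not necessarily its exact combination scheme, the following Python fuses several classifiers' verdicts about one flow with Dempster's rule of combination from Shafer's evidence theory and reports belief and plausibility of "anomalous" as a confidence interval. The two-element frame, the simple-support construction of each mass function and the handling of total conflict are assumptions of this example.

```python
# Added example: Dempster-Shafer fusion of classifier verdicts (not the paper's code).
# Frame of discernment (assumed): {"normal", "anomalous"}. Focal elements are
# frozensets; the whole frame stands for "don't know".
from itertools import product

THETA = frozenset({"normal", "anomalous"})

def classifier_to_mass(label, confidence):
    """Map one classifier's (label, confidence in [0,1]) to a simple support
    function: confidence goes to the label, the rest to ignorance (THETA)."""
    assert label in THETA and 0.0 <= confidence <= 1.0
    return {frozenset({label}): confidence, THETA: 1.0 - confidence}

def combine(m1, m2):
    """Dempster's rule: intersect focal elements, multiply masses, discard
    empty intersections as conflict K and renormalise by (1 - K)."""
    out, conflict = {}, 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if not inter:
            conflict += ma * mb          # contradictory evidence
            continue
        out[inter] = out.get(inter, 0.0) + ma * mb
    if conflict >= 1.0:
        # Edge case: fully contradictory sources, the rule is undefined.
        raise ValueError("total conflict between classifiers")
    return {k: v / (1.0 - conflict) for k, v in out.items()}, conflict

def belief(m, hypothesis):
    """Bel(H): mass of focal elements that imply H (subsets of H)."""
    return sum(v for k, v in m.items() if k <= hypothesis)

def plausibility(m, hypothesis):
    """Pl(H): mass of focal elements compatible with H (intersect H)."""
    return sum(v for k, v in m.items() if k & hypothesis)

def fuse(verdicts):
    """Fuse [(label, confidence), ...]; return (Bel, Pl, max pairwise conflict)
    for the hypothesis 'anomalous'. [Bel, Pl] is the confidence interval."""
    m, max_conflict = {THETA: 1.0}, 0.0   # vacuous belief before any evidence
    for label, conf in verdicts:
        m, k = combine(m, classifier_to_mass(label, conf))
        max_conflict = max(max_conflict, k)
    h = frozenset({"anomalous"})
    return belief(m, h), plausibility(m, h), max_conflict

if __name__ == "__main__":
    # Constructed sample: two classifiers flag the flow, one weakly disagrees.
    print(fuse([("anomalous", 0.6), ("anomalous", 0.5), ("normal", 0.2)]))
```

A wide gap between Bel and Pl signals that the classifiers are largely uncertain rather than agreeing, and a large conflict value flags flows that deserve analyst review regardless of the final label.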



Author information

Corresponding author: Marek Z. Reformat.


Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Mattar, A., Reformat, M.Z. (2018). Detecting Anomalous Network Traffic Using Evidence Theory. In: Kacprzyk, J., Szmidt, E., Zadrożny, S., Atanassov, K., Krawczak, M. (eds) Advances in Fuzzy Logic and Technology 2017. EUSFLAT IWIFSGN 2017. Advances in Intelligent Systems and Computing, vol 642. Springer, Cham. https://doi.org/10.1007/978-3-319-66824-6_43


  • DOI: https://doi.org/10.1007/978-3-319-66824-6_43


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-66823-9

  • Online ISBN: 978-3-319-66824-6

  • eBook Packages: Engineering (R0)
