
A Network Traffic Anomaly Detection Method Based on Shapelet and KNN

  • Conference paper
Artificial Intelligence Security and Privacy (AIS&P 2023)

Abstract

Network traffic anomaly detection is the foundation for discovering malicious attacks and securing networks. With the emergence of new technologies such as port masquerading and traffic encryption, traditional traffic anomaly detection methods face many difficulties in dealing with large-scale, high-dimensional, and diverse network traffic data, such as traffic features needing to be more abstract and the model being uninterpretable. In this paper, we construct a network traffic anomaly detection model based on shapelets and KNN (K-Nearest Neighbor). First, backpropagation and the k-shape algorithm are used to learn the set of shapelet instances; second, the DTW (dynamic time warping) distance between each shapelet and the original sequence is calculated as attribute values to generate the transformed dataset of test set and shapelet; finally, a KNN classifier is applied to the transformed data for network traffic anomaly detection. Multi-classification experiments are conducted on one available dataset, NSL-KDD, with 99.18% accuracy, and the experimental results are analyzed for model solvability.
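The transform-then-classify steps described in the abstract, as an added illustration that is not the authors' code. It assumes hand-picked shapelets in place of the ones the paper learns with backpropagation and k-shape, and uses constructed packet-count series with made-up labels rather than NSL-KDD.

```python
from collections import Counter
from math import dist

def dtw(a, b):
    """Dynamic time warping distance between two sequences, |x - y| local cost."""
    inf = float("inf")
    prev = [0.0] + [inf] * len(b)          # row 0 of the cumulative cost matrix
    for x in a:
        cur = [inf]
        for j, y in enumerate(b, 1):
            # extend the cheapest of: insertion, match, deletion
            cur.append(abs(x - y) + min(prev[j], prev[j - 1], cur[j - 1]))
        prev = cur
    return prev[-1]

def shapelet_transform(series, shapelets):
    """Map one series to a feature vector: its DTW distance to each shapelet."""
    return [dtw(s, series) for s in shapelets]

def knn_predict(train_X, train_y, x, k=3):
    """Majority label among the k training vectors nearest to x (Euclidean)."""
    nearest = sorted(zip(train_X, train_y), key=lambda p: dist(p[0], x))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

# Assumption: hand-picked shapelets (flat baseline, sustained burst, repeated spike).
SHAPELETS = [[2, 2, 2, 2], [2, 20, 40, 40], [2, 15, 2, 15]]

# Constructed training data: packets per interval with illustrative labels.
TRAIN = [
    ([2, 3, 2, 2, 3, 2, 2, 3], "normal"),
    ([3, 2, 2, 3, 2, 3, 2, 2], "normal"),
    ([2, 3, 20, 40, 41, 40, 39, 40], "flood"),
    ([3, 2, 2, 22, 38, 40, 41, 40], "flood"),
    ([2, 15, 2, 14, 3, 15, 2, 16], "scan"),
    ([3, 14, 2, 16, 2, 15, 3, 14], "scan"),
]
TRAIN_X = [shapelet_transform(s, SHAPELETS) for s, _ in TRAIN]
TRAIN_Y = [label for _, label in TRAIN]

def classify(series, k=3):
    """Transform an unseen series with the same shapelets, then vote with KNN."""
    return knn_predict(TRAIN_X, TRAIN_Y, shapelet_transform(series, SHAPELETS), k)

if __name__ == "__main__":
    for s in ([2, 2, 3, 2, 3, 3, 2, 2], [2, 2, 21, 39, 40, 41, 40, 40]):
        print(shapelet_transform(s, SHAPELETS), classify(s))
```

Each feature is a distance to a named shape, so a prediction can be traced back to which traffic pattern the series resembled.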



Acknowledgments

This paper is supported by the National Natural Science Foundation of China, under Grant No. 62162026, Science and Technology Project supported by the education department of Jiangxi Province, under Grant No. GJJ210611, and the Science and Technology Key Research and Development Program of Jiangxi Province, under Grant No. 20203BBE53029.

Corresponding author

Correspondence to Si Yu.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Yu, S., Xie, X., Li, Z., Zhen, W., Cai, T. (2024). A Network Traffic Anomaly Detection Method Based on Shapelet and KNN. In: Vaidya, J., Gabbouj, M., Li, J. (eds) Artificial Intelligence Security and Privacy. AIS&P 2023. Lecture Notes in Computer Science, vol 14509. Springer, Singapore. https://doi.org/10.1007/978-981-99-9785-5_5


  • DOI: https://doi.org/10.1007/978-981-99-9785-5_5


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-9784-8

  • Online ISBN: 978-981-99-9785-5

  • eBook Packages: Computer Science (R0)
