264 research outputs found

    Development of an adaptive learning network-failure detection system

    The purpose of this work consists in finding a method able to detect anomalies and adapt to new behaviours in an IP network. Here it is possible to find an investigation of the different anomaly detection systems. During the introduction and the first points, the audience could realize how the field of anomaly detection is divided into two big groups: anomaly detection systems based on rules, and adaptive anomaly detection systems. These two ideas will be discussed, and some examples of each technology are given. In the case of adaptive anomaly detection, there are some techniques proposed. One of them is developed during the rest of the work. I wanted to implement this technique in a small network belonging to the RUS department of the University of Stuttgart. The implementation, the problems found and additional information can be found in this report. Later, the tests and results applied make us think about whether the behaviour is correct or not. The discussion and the ideas obtained can be found at the end of the report, where it is also possible to find advice for future developers. This report has been designed as a guide for developers, to help them avoid spending too much time understanding the present algorithm. The aim of this work is to be considered a helper reference for people who want to implement this kind of system. Ingeniería de Telecomunicació

    A Generic Framework for Soft Subspace Pattern Recognition


    Design of Hybrid Network Anomalies Detection System (H-NADS) Using IP Gray Space Analysis

    In network security, securing a public or private network from abnormal users is a major issue. This is because each network is made up of users, services and computers with a specific behavior, which is also called a heterogeneous system. To detect abnormal users, an anomaly detection system (ADS) is used. In this paper, we present a novel hybrid anomaly detection system that uses IP gray space analysis and dominant scanning port identification heuristics to detect various anomalous users with their potential behaviors. This methodology is the combination of both statistical and rule-based anomaly detection, which detects five types of anomalies with their three types of potential behaviors and generates respective alarm messages to the GUI. Keywords: Network Security, Anomaly Detection, Suspicious Behaviors Detection

    Fuzzy Subspace Hidden Markov Models for Pattern Recognition


    Analyzing Business Process Anomalies Using Autoencoders

    Businesses are naturally interested in detecting anomalies in their internal processes, because these can be indicators for fraud and inefficiencies. Within the domain of business intelligence, classic anomaly detection is not very frequently researched. In this paper, we propose a method, using autoencoders, for detecting and analyzing anomalies occurring in the execution of a business process. Our method does not rely on any prior knowledge about the process and can be trained on a noisy dataset already containing the anomalies. We demonstrate its effectiveness by evaluating it on 700 different datasets and testing its performance against three state-of-the-art anomaly detection methods. This paper is an extension of our previous work from 2016 [30]. Compared to the original publication we have further refined the approach in terms of performance and conducted an elaborate evaluation on more sophisticated datasets including real-life event logs from the Business Process Intelligence Challenges of 2012 and 2017. In our experiments our approach reached an F1 score of 0.87, whereas the best unaltered state-of-the-art approach reached an F1 score of 0.72. Furthermore, our approach can be used to analyze the detected anomalies in terms of which event within one execution of the process causes the anomaly. Comment: 20 pages, 5 figure


    Hidden Markov Model Based Intrusion Alert Prediction

    Intrusion detection is only a starting step in securing IT infrastructure. Prediction of intrusions is the next step to provide an active defense against incoming attacks. Most of the existing intrusion prediction methods mainly focus on prediction of either intrusion type or intrusion category. Also, most of them are built based on domain knowledge and specific scenario knowledge. This thesis proposes an alert prediction framework which provides more detailed information than just the intrusion type or category to initiate possible defensive measures. The proposed algorithm is based on a hidden Markov model and it does not depend on specific domain knowledge. Instead, it depends on a training process. Hence the proposed algorithm is adaptable to different conditions. Also, it is based on prediction of the next alert cluster, which contains source IP address, destination IP range, alert type and alert category. Hence, prediction of the next alert cluster provides more information about future strategies of the attacker. Experiments were conducted using a public data set generated over 2500 alert predictions. The proposed alert prediction framework achieved an accuracy of 81% and 77% for single step and five step predictions respectively for prediction of the next alert cluster. It also achieved a prediction accuracy of 95% and 92% for single step and five step predictions respectively for prediction of the next alert category. The proposed methods achieved a 5% prediction accuracy improvement for alert category over the variable length Markov based alert prediction method, while providing more information for a possible defense

    Efficient Service for Next Generation Network Slicing Architecture and Mobile Traffic Analysis Using Machine Learning Technique

    The tremendous growth of mobile devices, IoT devices, applications and many other services has placed high demand on mobile and wireless network infrastructures. Much research and development of 5G mobile networks has found the way to support the huge volume of traffic, extraction of fine-grained analytics and agile management of mobile network elements, so that it can maximize the user experience. It is very challenging to accomplish these tasks as mobile networks increase in complexity, due to increases in the high volume of data penetration, devices, and applications. One of the solutions, advanced machine learning techniques, can help to mitigate the large number of data and algorithm driven applications. This work mainly focuses on extensive analysis of mobile traffic for improving the performance, key performance indicators and quality of service from the operations perspective. The work includes the collection of datasets and log files using different kinds of tools in different network layers and implementing machine learning techniques to analyze the datasets to predict mobile traffic activity. A wide range of algorithms were implemented to compare the analysis in order to identify the highest performance. Moreover, this thesis also discusses network slicing architecture, its use cases, and how to efficiently use network slicing to meet distinct demands