3 research outputs found

    Performance Evaluation of Network Anomaly Detection Systems

    Nowadays, there is a huge and growing concern about security in information and communication technology (ICT) among the scientific community because any attack or anomaly in the network can greatly affect many domains such as national security, private data storage, social welfare, economic issues, and so on. Therefore, the anomaly detection domain is a broad research area, and many different techniques and approaches for this purpose have emerged through the years. Attacks, problems, and internal failures, when not detected early, may badly harm an entire network system. Thus, this thesis presents an autonomous profile-based anomaly detection system based on the statistical method Principal Component Analysis (PCADS-AD). This approach creates a network profile called Digital Signature of Network Segment using Flow Analysis (DSNSF) that denotes the predicted normal behavior of a network traffic activity through historical data analysis. That digital signature is used as a threshold for volume anomaly detection to detect disparities in the normal traffic trend. The proposed system uses seven traffic flow attributes: Bits, Packets and Number of Flows to detect problems, and Source and Destination IP addresses and Ports, to provide the network administrator with the necessary information to solve them. Via evaluation techniques, addition of a different anomaly detection approach, and comparisons to other methods performed in this thesis using real network traffic data, results showed good traffic prediction by the DSNSF and encouraging false alarm generation and detection accuracy on the detection schema.
The observed results seek to contribute to the advance of the state of the art in methods and strategies for anomaly detection that aim to surpass some challenges that emerge from the constant growth in complexity, speed and size of today’s large scale networks, also providing high-value results for a better detection in real time.

Currently, there is an enormous and growing concern about security in information and communication technology (ICT) among the scientific community. This is because any attack or anomaly in the network can affect quality, interoperability, availability, and integrity in many domains, such as national security, private data storage, social welfare, economic issues, and so on. Therefore, anomaly detection is a broad research area, and many different techniques and approaches for this purpose have emerged over the years. Attacks, problems, and internal failures, when not detected early, can seriously harm an entire network system. Thus, this thesis presents an autonomous profile-based anomaly detection system using the statistical method Principal Component Analysis (PCADS-AD). This approach creates a network profile called Digital Signature of Network Segment using Flow Analysis (DSNSF) that denotes the predicted normal behavior of a network traffic activity through the analysis of historical data. This digital signature is used as a threshold for volume anomaly detection and to identify disparities in the normal traffic trend. The proposed system uses seven traffic flow attributes: bits, packets, and number of flows to detect problems, plus source and destination IP addresses and ports to provide the network administrator with the information needed to solve them.
Through the use of evaluation metrics, the addition of a detection approach distinct from the main proposal, and comparisons with other methods carried out in this thesis using real network traffic data, the results showed good traffic predictions by the DSNSF and encouraging results regarding false alarm generation and detection accuracy. With the results observed in this thesis, this doctoral work seeks to contribute to the advance of the state of the art in anomaly detection methods and strategies, aiming to overcome some challenges that emerge from the constant growth in complexity, speed and size of today's large-scale networks, while also providing high performance. Furthermore, the low complexity and agility of the proposed system contribute to its applicability to real-time detection.

    Performance analysis of weather's impact on outdoor IEEE 802.11b/g links using network management parameters

    Some previous works concluded that weather conditions impact the performance of outdoor IEEE 802.11b/g links. They show high correlation coefficients between the number of control frame errors and the weather conditions. However, these previous studies do not consider grouping weather conditions into ranges, and it would provide very valuable information on this issue. Knowing the weather condition ranges where the weather's impact is really significant would be very useful for future outdoor networks. Thus, we have carried out a deep study on an experimental IEEE 802.11b/g setup in order to extract real conclusions. It is composed of two outdoor radio links of different lengths transmitting traffic continuously. Results show that in spite of covering a lower distance, the short distance link is more susceptible to the weather conditions. It is due to the modulation scheme used in that case. Moreover, they show different correlation coefficients depending on the groupings of weather conditions.

    This work has been supported by the "Vicerectorat d'investigacio" through the "Programa para la Formacion de Personal Investigador" of the UPV (FPI-UPV). The authors would like to thank the Information and Communications Systems Office (ASIC), Borja Opticos Enterprise and Azimut Electronics Company for their collaboration and support.

    Bri Molinero, D.; García Pineda, M.; Lloret, J.; Ramos Pascual, F. (2016). Performance analysis of weather's impact on outdoor IEEE 802.11b/g links using network management parameters. Mobile Networks and Applications. 21:603-619.
    doi:10.1007/s11036-016-0758-9