DeepHTTP: Semantics-Structure Model with Attention for Anomalous HTTP Traffic Detection and Pattern Mining
Cyber-attacks are now frequent and take many forms. The traffic generated by
access activity records website state and user request information, which
offers a great opportunity for network attack detection. Among the many
network protocols, the Hypertext Transfer Protocol (HTTP) is widely used by
governments, organizations and enterprises. In this work we propose DeepHTTP,
a semantics-structure integration model that uses a Bidirectional Long
Short-Term Memory (Bi-LSTM) network with an attention mechanism to model HTTP
traffic as a natural-language sequence. Beyond extracting the content of the
traffic, we integrate structural information to improve the generalization
of the model. The attention mechanism also helps locate the critical parts of
anomalous traffic and thus mine attack patterns. We further show how to
incrementally update the data set and retrain the model so that it adapts to
new anomalous traffic. Extensive experiments on large traffic data show that
DeepHTTP performs well in both traffic detection and pattern discovery.
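To make the "HTTP as a natural-language sequence" idea concrete, here is an added example (not code from the DeepHTTP paper) that tokenizes request lines into content tokens plus structural tokens, trains a model on constructed benign requests, and reports the tokens it finds most surprising in a test request. An add-one smoothed bigram model stands in for the Bi-LSTM, and per-token surprisal stands in for attention weights; the token scheme, the request corpus and the threshold of 2.3 are all assumptions made for this illustration.

```python
import math
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed benign request lines used as the training corpus (not real traffic).
BENIGN_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /search?q=shoes&page=2 HTTP/1.1",
    "GET /search?q=boots&page=1 HTTP/1.1",
    "POST /login HTTP/1.1",
    "GET /product?id=1042 HTTP/1.1",
    "GET /product?id=77 HTTP/1.1",
    "GET /static/app.js HTTP/1.1",
]


def tokenize(request_line):
    """Turn an HTTP request line into a token sequence.

    Content tokens keep the literal words of the path, keys and values;
    structure tokens (<METHOD>, <PATH>, <KEY>, <VAL>, <NUM>) record the role
    of each piece, so /product?id=1042 and /product?id=77 share most of
    their sequence and the model generalizes across parameter values.
    """
    method, target, _version = request_line.split(" ", 2)
    parts = urlsplit(target)
    tokens = ["<METHOD>", method]
    for segment in parts.path.strip("/").split("/"):
        if segment:
            tokens += ["<PATH>", segment.lower()]
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        tokens += ["<KEY>", key.lower()]
        if re.fullmatch(r"\d+", value):
            tokens.append("<NUM>")
        else:
            # Words and single punctuation characters become separate tokens,
            # so injected SQL or shell fragments surface as their own symbols.
            tokens += ["<VAL>"] + re.findall(r"[a-z_]+|[^a-z_\s]", value.lower())
    return ["<BOS>"] + tokens + ["<EOS>"]


class BigramModel:
    """Add-one smoothed bigram language model over token sequences (stand-in for the Bi-LSTM)."""

    def __init__(self, sequences):
        self.unigrams = Counter()
        self.bigrams = Counter()
        self.vocab = set()
        for seq in sequences:
            self.unigrams.update(seq[:-1])
            self.bigrams.update(zip(seq, seq[1:]))
            self.vocab.update(seq)

    def surprisal(self, prev, tok):
        # -log P(tok | prev); one extra slot in the denominator covers unseen tokens.
        p = (self.bigrams[(prev, tok)] + 1) / (self.unigrams[prev] + len(self.vocab) + 1)
        return -math.log(p)

    def score(self, seq):
        """Return (mean surprisal, [(token, surprisal), ...]) for one sequence."""
        per_token = [(tok, self.surprisal(prev, tok)) for prev, tok in zip(seq, seq[1:])]
        return sum(s for _, s in per_token) / len(per_token), per_token


def detect(model, request_line, threshold=2.3, top_k=5):
    """Score a request; the highest-surprisal tokens play the role of attention."""
    mean, per_token = model.score(tokenize(request_line))
    ranked = sorted(per_token, key=lambda ts: ts[1], reverse=True)
    return {
        "score": mean,
        "anomalous": mean > threshold,
        "critical_tokens": [tok for tok, _ in ranked[:top_k]],
    }


MODEL = BigramModel(tokenize(line) for line in BENIGN_REQUESTS)

if __name__ == "__main__":
    for line in ("GET /search?q=hat&page=3 HTTP/1.1",
                 "GET /product?id=1%27%20OR%201%3D1%20-- HTTP/1.1"):
        print(line, detect(MODEL, line))
```

The second request decodes to `id=1' OR 1=1 --`; its mean surprisal is well above the benign request's, and the reported critical tokens are the injected quote, `or` and `=`, which is the kind of localisation the abstract attributes to attention.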
Anomaly Detection in a Digital Video Broadcasting System Using Timed Automata
This paper focuses on detecting anomalies in a digital video broadcasting
(DVB) system from the provider's perspective. We learn a probabilistic
deterministic real-timed automaton that profiles the benign behaviour of
encryption control in the DVB control access system. This profile is used as a
one-class classifier: items in a test sequence are flagged as anomalous when
the sequence is not accepted by the learned model.
Comment: This paper has been accepted by the Thirty-Second Annual ACM/IEEE
Symposium on Logic in Computer Science (LICS) Workshop on Learning and
Automata (LearnAut).
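The one-class-classifier use of a timed automaton, as an added example rather than the paper's learner: benign traces of (event, delay) pairs are turned into transitions with time guards and transition probabilities, and a test trace is rejected at the first item that has no transition, a too-rare transition, or a delay outside the guard. The simplification that the automaton state is just the last event, the constructed DVB-style event names (ECM, KEY_SWITCH, EMM), the traces and the slack value are all assumptions for this illustration, not the paper's state-merging algorithm or data.

```python
from collections import Counter, defaultdict

# Constructed benign traces of an encryption-control loop, as (event, seconds since
# the previous event). ECM delivers the control word, KEY_SWITCH is the odd/even
# control-word change, EMM renews entitlements. Synthetic, not real DVB captures.
BENIGN_TRACES = [
    [("ECM", 0.0), ("KEY_SWITCH", 10.0), ("ECM", 0.1), ("KEY_SWITCH", 10.2), ("ECM", 0.1)],
    [("ECM", 0.0), ("KEY_SWITCH", 9.8), ("ECM", 0.2), ("EMM", 1.5), ("KEY_SWITCH", 8.6), ("ECM", 0.1)],
    [("ECM", 0.0), ("KEY_SWITCH", 10.1), ("ECM", 0.1), ("KEY_SWITCH", 9.9), ("ECM", 0.2)],
]


class TimedAutomaton:
    """Probabilistic timed automaton learned from benign traces.

    Assumption (a simplification of the paper's learner): the automaton state is
    the last event seen, each transition carries a time guard equal to the observed
    delay range widened by `slack`, and transition probabilities come from counts.
    A trace is accepted only if every step uses a known transition whose probability
    is at least `min_prob` and whose delay satisfies the guard.
    """

    START = "<start>"

    def __init__(self, slack=0.5, min_prob=0.0):
        self.slack = slack
        self.min_prob = min_prob
        self.guards = {}                    # (state, event) -> (min_delay, max_delay)
        self.counts = defaultdict(Counter)  # state -> Counter of next events

    def learn(self, traces):
        for trace in traces:
            state = self.START
            for event, delay in trace:
                lo, hi = self.guards.get((state, event), (delay, delay))
                self.guards[(state, event)] = (min(lo, delay), max(hi, delay))
                self.counts[state][event] += 1
                state = event
        return self

    def transition_prob(self, state, event):
        total = sum(self.counts[state].values())
        return self.counts[state][event] / total if total else 0.0

    def check(self, trace):
        """Return (accepted, index of the first rejected item or None, reason)."""
        state = self.START
        for i, (event, delay) in enumerate(trace):
            if (state, event) not in self.guards:
                return False, i, f"no transition {state} -> {event}"
            if self.transition_prob(state, event) < self.min_prob:
                return False, i, f"rare transition {state} -> {event}"
            lo, hi = self.guards[(state, event)]
            if not (lo - self.slack <= delay <= hi + self.slack):
                return False, i, (f"delay {delay}s outside [{lo}, {hi}] "
                                  f"(+/- {self.slack}) for {state} -> {event}")
            state = event
        return True, None, "accepted"


PROFILE = TimedAutomaton(slack=0.5).learn(BENIGN_TRACES)

if __name__ == "__main__":
    print(PROFILE.check([("ECM", 0.0), ("KEY_SWITCH", 10.4), ("ECM", 0.1)]))
    print(PROFILE.check([("ECM", 0.0), ("KEY_SWITCH", 2.0), ("ECM", 0.1)]))   # key churn
    print(PROFILE.check([("ECM", 0.0), ("RESET", 0.3)]))                      # unknown event
```

A control-word switch arriving after 2 seconds instead of the learned 9.8 to 10.2 seconds is rejected by the time guard even though the event order is perfectly normal, which is what distinguishes a timed automaton from a plain sequence model.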
Performance-Aware Management of Cloud Resources: A Taxonomy and Future Directions
The dynamic nature of the cloud environment has made distributed resource
management a challenge for cloud service providers. The need to maintain
quality of service in line with customer expectations, together with the
highly dynamic nature of cloud-hosted applications, adds further complexity
to the process. Advances in big-data learning approaches have shifted
conventional static capacity planning towards complex performance-aware
resource management methods. Decision making for resource adjustment has been
shown to be closely tied to the behaviour of the system, including the
utilization of resources and application components. Continuous monitoring of
system attributes and performance metrics therefore provides the raw data for
analysing the problems that affect application performance. Data analytic
methods such as statistical and machine learning approaches offer the
concepts, models and tools needed to dig into the data and find the general
rules, patterns and characteristics that define the functionality of the
system. The knowledge obtained from this analysis helps to identify changes in
workloads, faulty components or other problems that can cause system
performance to degrade. A timely reaction to performance degradation can avoid
violations of service level agreements through corrective actions such as
auto-scaling or other resource adjustments. In this paper we investigate the
main requirements and limitations of cloud resource management, including a
study of approaches to workload and anomaly analysis in the context of
performance management in the cloud. We present a taxonomy of the work on this
problem that identifies the main approaches in existing research, from the
data analysis side to resource adjustment techniques.
Feedforward Neural Network for Time Series Anomaly Detection
Time series anomaly detection is usually formulated as finding outlier data
points relative to some usual data, and it is an important problem in both
industry and academia. To keep their systems running stably, internet
companies, banks and other organizations need to monitor time series known as
KPIs (Key Performance Indicators), such as CPU usage, number of orders or
number of online users. However, millions of time series come in several
shapes (e.g. seasonal KPIs, KPIs of timed tasks and KPIs of CPU usage), so it
is very difficult for a single simple statistical model to detect anomalies
across all kinds of time series. Although anomaly detectors have been
developed for many years and some supervised models are available in this
field, we find that many methods have their own disadvantages. In this paper
we present our system, which is based on a deep feedforward neural network and
detects anomalous points in time series. The main difference between our
system and other systems based on supervised models is that we need no feature
engineering of the time series to train the deep feedforward neural network,
so our system is essentially end-to-end.
Using Intuitionistic Fuzzy Set for Anomaly Detection of Network Traffic from Flow Interaction
We present a method to detect anomalies in a time series of flow interaction
patterns. Many existing methods detect anomalies in network traffic from
simple statistics such as the number of packets. However, there is no
established method for detecting anomalies in a time series of flow
interaction patterns that can be represented as a complex network. First,
based on a proposed multivariate flow similarity method over temporal
locality, a complex network model (MFS-TL) is constructed to describe the
interactive behaviour of traffic flows. Having analysed the relationships
between MFS-TL characteristics, the temporal locality window and the
multivariate flow similarity critical threshold, we establish an approach for
parameter determination. Having observed the evolution of MFS-TL
characteristics, three non-deterministic correlations are defined for network
states (i.e. normal or abnormal). Furthermore, intuitionistic fuzzy sets (IFS)
are introduced to quantify the three non-deterministic correlations, and an
anomaly detection method is put forward for a single characteristic sequence.
To build an objective IFS, we design a Gaussian-distribution-based membership
function with a variable hesitation degree. To determine the mapping of IFS
clustering intervals to network states, a distinction index is developed.
Then, an IFS ensemble method (IFSE-AD) is proposed to eliminate the impact of
inconsistencies between MFS-TL characteristics and the network state and to
improve detection performance. Finally, we carried out extensive experiments
on several network traffic datasets for anomaly detection; the results
demonstrate the superiority of IFSE-AD over state-of-the-art approaches,
validating the effectiveness of our method.
Comment: 15 pages, 4 figures, 5 tables.
Exploiting AIS Data for Intelligent Maritime Navigation: A Comprehensive Survey
The Automatic Identification System (AIS) tracks vessel movement by means of
the electronic exchange of navigation data between vessels, via onboard
transceivers, and terrestrial and/or satellite base stations. The gathered
data contains a wealth of information useful for maritime safety, security and
efficiency. This paper surveys AIS data sources and the aspects of navigation
in which such data is or could be exploited for the safety of seafaring,
namely traffic anomaly detection, route estimation, collision prediction and
path planning.
Comment: 24 pages, 7 figures, 3 tables.
Language identification of controlled systems: Modelling, control and anomaly detection
Formal language techniques have been used in the past to study autonomous
dynamical systems. However, for controlled systems, new features are needed to
distinguish between information generated by the system and input control. We
show how the modelling framework for controlled dynamical systems leads
naturally to a formulation in terms of context-dependent grammars. A learning
algorithm is proposed for on-line generation of the grammar productions, this
formulation being then used for modelling, control and anomaly detection.
Practical applications are described for electromechanical drives. Grammatical
interpolation techniques yield accurate results, and the pattern detection
capabilities of the language-based formulation make it a promising technique
for the early detection of anomalies or faulty behaviour.
Comment: 27 pages LaTeX, 18 figures.
FuGeIDS: Fuzzy Genetic paradigms in Intrusion Detection Systems
With the increase in the number of security threats, Intrusion Detection
Systems have evolved as a significant countermeasure against them, and as
such the topic has become one of the most prominent research areas in recent
years. This paper gives an overview of Intrusion Detection Systems and looks
at two major machine learning paradigms used in them, Genetic Algorithms and
Fuzzy Logic, and how to apply them to intrusion detection.
Comment: 7 pages, 2 figures, 1 table.
Using Google Analytics to Support Cybersecurity Forensics
Web traffic is a valuable data source, typically used in the marketing space
to track brand awareness and advertising effectiveness. However, web traffic is
also a rich source of information for cybersecurity monitoring efforts. To
better understand the threat of malicious cyber actors, this study develops a
methodology to monitor and evaluate web activity using data archived from
Google Analytics. Google Analytics collects and aggregates web traffic,
including information about web visitors' location, date and time of visit,
visited webpages, and searched keywords. This study seeks to streamline
analysis of this data and uses rule-based anomaly detection and predictive
modeling to identify web traffic that deviates from normal patterns. Rather
than evaluating pieces of web traffic individually, the methodology seeks to
emulate real user behavior by creating a new unit of analysis: the user
session. User sessions group individual pieces of traffic from the same
location and date, which transforms the available information from single
point-in-time snapshots to dynamic sessions showing users' trajectory and
intent. The result is faster and better insight into large volumes of noisy web
traffic.
Comment: 2017 IEEE International Conference on Big Data (Big Data).
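The session construction and rule-based detection described above, as an added example that is not the study's own code: hits in the shape of an exported analytics report (location, timestamp, page, site-search keyword) are grouped into (location, date) sessions, per-session features are derived, and a small rule set flags sessions. The hit records are constructed, and the rules, thresholds, sensitive-path list and probe markers are assumptions chosen for the illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumed rule inputs: paths a casual visitor rarely requests, and substrings in
# site-search terms that indicate probing rather than shopping.
SENSITIVE_PATHS = {"/wp-login.php", "/admin", "/.env", "/phpmyadmin", "/xmlrpc.php"}
PROBE_MARKERS = ("../", "<script", "' or ", "union select", "/etc/passwd")


def _hit(ts, location, page, keyword=""):
    return {"ts": ts, "location": location, "page": page, "keyword": keyword}


# Constructed hits (not real analytics data): a normal shopper, a visitor whose
# site search contains a traversal string, and one location sweeping sensitive paths.
HITS = [
    _hit("2017-03-01T09:00:00", "Boston, US", "/"),
    _hit("2017-03-01T09:03:10", "Boston, US", "/products"),
    _hit("2017-03-01T09:06:45", "Boston, US", "/products/42"),
    _hit("2017-03-01T09:10:00", "Boston, US", "/cart"),
    _hit("2017-03-01T14:20:00", "Lyon, FR", "/search", keyword="gift cards"),
    _hit("2017-03-01T14:21:30", "Lyon, FR", "/search", keyword="../../etc/passwd"),
]
HITS += [  # 24 hits, two seconds apart, cycling through the sensitive paths
    _hit(f"2017-03-01T03:15:{2 * i:02d}", "Unknown, RU", sorted(SENSITIVE_PATHS)[i % 5])
    for i in range(24)
]


def build_sessions(hits):
    """Group hits into sessions keyed by (location, date), each ordered by time."""
    sessions = defaultdict(list)
    for h in hits:
        ts = datetime.fromisoformat(h["ts"])
        sessions[(h["location"], ts.date().isoformat())].append({**h, "ts": ts})
    for session in sessions.values():
        session.sort(key=lambda h: h["ts"])
    return dict(sessions)


def session_features(session):
    """Derive the trajectory-level features the rules consume."""
    span = (session[-1]["ts"] - session[0]["ts"]).total_seconds()
    return {
        "hits": len(session),
        "hits_per_minute": len(session) / (max(span, 1.0) / 60.0),
        "sensitive_hits": sum(h["page"] in SENSITIVE_PATHS for h in session),
        "probe_keywords": sum(any(m in h["keyword"].lower() for m in PROBE_MARKERS)
                              for h in session),
    }


# Assumed rules: a burst of requests too fast for a human, repeated requests for
# sensitive paths, or any probing search term.
RULES = [
    ("burst", lambda f: f["hits"] >= 20 and f["hits_per_minute"] > 10),
    ("sensitive_paths", lambda f: f["sensitive_hits"] >= 3),
    ("probe_keywords", lambda f: f["probe_keywords"] > 0),
]


def flag_sessions(hits):
    """Return {session_key: [names of rules that fired]} for suspicious sessions."""
    flagged = {}
    for key, session in build_sessions(hits).items():
        features = session_features(session)
        fired = [name for name, rule in RULES if rule(features)]
        if fired:
            flagged[key] = fired
    return flagged


if __name__ == "__main__":
    for key, reasons in flag_sessions(HITS).items():
        print(key, reasons)
```

Evaluated hit by hit, a single request for `/admin` or a single search is unremarkable; only once hits from the same location and day are joined into a session do the request rate and the path sweep become visible, which is the point of the session as the unit of analysis.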
Network Traffic Anomaly Detection
This paper presents a tutorial for network anomaly detection, focusing on
non-signature-based approaches. Network traffic anomalies are unusual and
significant changes in the traffic of a network. Networks play an important
role in today's social and economic infrastructures. The security of the
network becomes crucial, and network traffic anomaly detection constitutes an
important part of network security. In this paper, we present three major
approaches to non-signature-based network anomaly detection: PCA-based,
sketch-based, and signal-analysis-based. In addition, we introduce a framework
that subsumes the three approaches and a scheme for network anomaly
extraction. We believe network anomaly detection will become more important in
the future because of the increasing importance of network security.
Comment: 26 pages.
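Of the three approaches named, the sketch-based one is the easiest to show end to end in a few lines, so here is an added example (not the tutorial's own code) of sketch-based change detection: each time bin's flows are summarised in a count-min sketch, an exponentially weighted moving average of earlier sketches serves as the forecast, and keys seen in the current bin whose count exceeds the forecast are extracted as anomalies. The use of count-min rather than a k-ary sketch, the EWMA forecast, the thresholds and the synthetic flow records are assumptions for this illustration.

```python
import hashlib
from collections import defaultdict


class CountMinSketch:
    """Fixed-memory approximate counter: `depth` rows of `width` cells."""

    def __init__(self, width=1024, depth=3):
        self.width, self.depth = width, depth
        self.rows = [[0.0] * width for _ in range(depth)]

    def _index(self, key, row):
        # Keyed BLAKE2b gives each row an independent hash function.
        digest = hashlib.blake2b(key.encode(), digest_size=8,
                                 key=row.to_bytes(2, "big")).digest()
        return int.from_bytes(digest, "big") % self.width

    def add(self, key, count=1.0):
        for r in range(self.depth):
            self.rows[r][self._index(key, r)] += count

    def estimate(self, key):
        # Collisions only inflate cells, so the minimum is the tightest upper bound.
        return min(self.rows[r][self._index(key, r)] for r in range(self.depth))

    def blend(self, other, a, b):
        """Cell-wise a*self + b*other, used to maintain an EWMA forecast sketch."""
        out = CountMinSketch(self.width, self.depth)
        for r in range(self.depth):
            out.rows[r] = [a * x + b * y for x, y in zip(self.rows[r], other.rows[r])]
        return out


def detect_changes(flows, bin_seconds=60, alpha=0.5, min_delta=10.0, ratio=3.0):
    """Sketch-based change detection over (timestamp, source_ip) flow records.

    Each bin's sketch is compared with an EWMA forecast built from earlier bins.
    A key seen in the bin is reported when its count exceeds the forecast by at
    least `min_delta` and by more than `ratio` times the forecast.
    Returns a list of (bin_start, key, observed, forecast).
    """
    bins = defaultdict(list)
    for ts, src in flows:
        bins[ts // bin_seconds].append(src)
    forecast = None
    alerts = []
    for b in sorted(bins):
        current = CountMinSketch()
        for src in bins[b]:
            current.add(src)
        if forecast is not None:
            # A sketch cannot enumerate keys, so only keys present in this bin are queried.
            for key in sorted(set(bins[b])):
                observed, expected = current.estimate(key), forecast.estimate(key)
                delta = observed - expected
                if delta >= min_delta and delta > ratio * expected:
                    alerts.append((b * bin_seconds, key, observed, expected))
            forecast = current.blend(forecast, alpha, 1 - alpha)
        else:
            forecast = current
    return alerts


def constructed_flows():
    """Synthetic data: five one-minute bins of steady traffic from five hosts,
    plus 60 flows from a single new source in the last bin (a sweep)."""
    flows = [(b * 60 + k * 10 + i, f"10.0.0.{i}")
             for b in range(5) for i in range(1, 6) for k in range(4)]
    flows += [(240 + j, "198.51.100.7") for j in range(60)]
    return flows


if __name__ == "__main__":
    for alert in detect_changes(constructed_flows()):
        print(alert)
```

The sketch keeps memory constant regardless of how many distinct sources appear, which is the property that makes this approach usable on high-rate links; the cost is that anomaly extraction has to be driven from the keys observed in the current bin rather than from the sketch itself.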