20,435 research outputs found

    Scalable network-wide anomaly detection using compressed data

    Detecting network traffic volume anomalies in real time is a key problem, as it enables measures to be taken to prevent network congestion, which severely affects end users. Several techniques based on principal component analysis (PCA) have been outlined in the past which detect volume anomalies as outliers in the residual subspace. However, these methods are not scalable to networks with a large number of links. We address this scalability issue with a new approach inspired by the recently developed compressed sensing (CS) theory. This theory induces a universal information sampling scheme right at the network sensory level to reduce the data overhead. Specifically, we exploit the compressibility characteristics of the network data and describe a framework for anomaly detection in the compressed domain. Our main theoretical contribution is a detailed analysis of the new approach which obtains probabilistic bounds on the principal eigenvalues of the compressed data. Subsequently, we prove that volume anomaly detection using compressed data can achieve performance equivalent to that using the original uncompressed data while reducing the computational cost significantly. The experimental results on both the Abilene and synthetic datasets support our theoretical findings and demonstrate the advantages of the new approach over the existing methods.

    A system based on Naive Bayesian for Denial-Of-Service Attack detection

    Denial-of-service (DoS) attacks have a serious effect on systems. For the most accurate network traffic characterization, the attack detection system uses multivariate correlation analysis (MCA), which extracts the geometrical correlations between network traffic features. The MCA-based system applies the principle of anomaly-based detection in attack recognition. MCA makes it easy to detect both known and unknown types of DoS attacks by simply observing the legitimate network traffic patterns. MCA uses the Triangle Area Map (TAM) technique to speed up the multivariate correlation analysis process. The proposed system can be evaluated using the KDD Cup 99 dataset. A Naive Bayes (NBS) classifier is used for attack detection. This algorithm addresses the problem of classifying the large intrusion detection dataset, which improves the detection rates and reduces the false positives to an acceptable level in intrusion detection. It is a probabilistic classifier based on applying Bayes' theorem. The proposed DoS attack detection system achieved the highest accuracy compared to RBFN and IBK: 99.96% accuracy is achieved by the intrusion detection system. The proposed detection system gives a very low false positive rate of about 0.002%, which helps to increase the performance of the detection system. Compared to RBFN and IBK, the Naive Bayes classifier gives a very low false positive rate, which helps to increase the performance of the detection system.