152 research outputs found

    ANALYSIS OF THE COVARIANCE MATRIX METHOD USING THE LANDMARK WINDOW TECHNIQUE FOR A TRAFFIC ANOMALY DETECTION SYSTEM

    In recent years, the phenomenon of traffic anomalies in computer network traffic has attracted considerable attention from researchers. According to [1], a Distributed Denial of Service (DDoS) attack is a type of attack that can harm the network traffic in use, affecting both the target of the attack and all other users. A flash crowd event, by contrast, is a large surge in internet network traffic caused by a significant rise in the number of users accessing a server, which places heavy pressure on the network links leading to the server. This final project uses the covariance matrix statistical technique, which does not ignore the relationship between one feature and another, so that an anomaly detection system can be built by transforming the original data into the covariance feature space. The attacks can then be classified using SVM. Accuracy, detection rate and false positive rate are the test parameters used in the research. As a result of this research, the SVM algorithm achieved an average detection rate of 99% in classifying homogeneous data on the KDDCUP 99 dataset and an accuracy of 90.5%. For heterogeneous data, performance decreased as the FPR on the tested data increased, averaging 22.6%, because attack noise was added to the data during preprocessing.

    Efficient large flow detection over arbitrary windows: an exact algorithm outside an ambiguity region

    Being able to exactly detect large network flows under an arbitrary time window model is expected in many current and future applications like Denial-of-Service (DoS) flow detection, bandwidth guarantee, etc. However, to the best of our knowledge, there is no existing work that can achieve exact large flow detection without per-flow status. Maintaining per-flow status requires a large amount of expensive line-speed storage, thus it is not practical in real systems. Therefore, we proposed a novel model of an arbitrary time window with exactness outside an ambiguity region, which trades the level of exactness for scalability. Although some existing work also uses some techniques like sampling, multistage filters, etc. to make the system scalable, most of them do not support the arbitrary time window model and they usually introduce a lot of false positives for legitimate flows. Inspired by a frequent item finding algorithm, we proposed Exact-outside-Ambiguity-Region Detector (EARDet), an arbitrary-window-based, efficient, simple, and no-per-flow-status large flow detector, which is exact outside an ambiguity window defined by a high-bandwidth threshold and a low-bandwidth threshold. EARDet is able to catch all large flows violating the high-bandwidth threshold; meanwhile it protects all legitimate flows complying with the low-bandwidth threshold. Because EARDet focuses on flow classification but not flow size estimation, it demonstrates amazing scalability such that we can fit the storage into on-chip Static Random-Access Memory (SRAM) to achieve line-speed detection. To evaluate EARDet, we not only theoretically proved properties of EARDet above, but also evaluated them with real traffic, and the result perfectly supports our analysis.

    An Approach for Removing Redundant Data from RFID Data Streams

    Radio frequency identification (RFID) systems are emerging as the primary object identification mechanism, especially in supply chain management. However, RFID naturally generates a large amount of duplicate readings. Removing these duplicates from the RFID data stream is paramount as it does not contribute new information to the system and wastes system resources. Existing approaches to deal with this problem cannot fulfill the real time demands to process the massive RFID data stream. We propose a data filtering approach that efficiently detects and removes duplicate readings from RFID data streams. Experimental results show that the proposed approach offers a significant improvement as compared to the existing approaches

    Exploratory Cluster Analysis from Ubiquitous Data Streams using Self-Organizing Maps

    This thesis addresses the use of Self-Organizing Maps (SOM) for exploratory cluster analysis over ubiquitous data streams, where two complementary problems arise: first, to generate (local) SOM models over potentially unbounded multi-dimensional non-stationary data streams; second, to extrapolate these capabilities to ubiquitous environments. To address these problems, original contributions are made in terms of algorithms and methodologies. Two different methods are proposed regarding the first problem. By focusing on visual knowledge discovery, these methods fill an existing gap in the panorama of current methods for cluster analysis over data streams. Moreover, the original SOM capabilities in performing both clustering of observations and features are transposed to data streams, characterizing these contributions as versatile compared to existing methods, which target an individual clustering problem. Also, additional methodologies that tackle the ubiquitous aspect of data streams are proposed with respect to the second problem, allowing distributed and collaborative learning strategies. Experimental evaluations attest to the effectiveness of the proposed methods, and real-world applications are exemplified, namely regarding electric consumption data, air quality monitoring networks and financial data, motivating their practical use. This research study is the first to clearly address the use of the SOM towards ubiquitous data streams and opens several other research opportunities in the future.

    Mining Frequent Patterns in Uncertain and Relational Data Streams using the Landmark Windows

    Today, in many modern applications, we search for frequent and repeating patterns in the analyzed data sets. In this search, we look for patterns that frequently appear in a data set and mark them as frequent patterns to enable users to make decisions based on these discoveries. Most algorithms presented in the context of data stream mining and frequent pattern detection either work on uncertain data or use the sliding window model to assess data streams. The sliding window model uses a fixed-size window to maintain only the most recently inserted data and ignores all previous data (or those that are out of its window). Many real-world applications, however, require maintaining all inserted or obtained data. Therefore, the question arises whether other window models can be used to find frequent patterns in dynamic streams of uncertain data. In this paper, we used the landmark window model and the time-fading model to answer that question. The method presented in the form of the proposed algorithm, which uses the idea of the landmark window model to find frequent patterns in relational and uncertain data streams, shows a better performance in finding functional dependencies than other methods in this field. Another advantage of this method compared with other methods is that it shows tuples that do not follow a single dependency. This feature can be used to detect inconsistent data in a data set.

    Two-stage sparse representation clustering for dynamic data streams

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. Data streams are a potentially unbounded sequence of data objects, and the clustering of such data is an effective way of identifying their underlying patterns. Existing data stream clustering algorithms face two critical issues: 1) evaluating the relationship among data objects with individual landmark windows of fixed size and 2) passing useful knowledge from previous landmark windows to the current landmark window. Based on sparse representation techniques, this article proposes a two-stage sparse representation clustering (TSSRC) method. The novelty of the proposed TSSRC algorithm comes from evaluating the effective relationship among data objects in the landmark windows with an accurate number of clusters. First, the proposed algorithm evaluates the relationship among data objects using sparse representation techniques. The dictionary and sparse representations are iteratively updated by solving a convex optimization problem. Second, the proposed TSSRC algorithm presents a dictionary initialization strategy that seeks representative data objects by making full use of the sparse representation results. This efficiently passes previously learned knowledge to the current landmark window over time. Moreover, the convergence and sparse stability of TSSRC can be theoretically guaranteed in continuous landmark windows under certain conditions. Experimental results on benchmark datasets demonstrate the effectiveness and robustness of TSSRC.