Large-Scale IP Network Data Analysis for Anomalies Detection Thanks to SVM

C. Benhamed, S. Mekaoui, K. Ghoumid

University of Science and Technology Houari Boumediene, Algeria

Complexe Universitaire, Oujda, Morocco

Pages: 376–386

DOI: https://doi.org/10.2495/DNE-V11-N3-376-386

OPEN ACCESS

Abstract: 

An SVM (Support Vector Machine) algorithm has been implemented to detect traffic anomalies in a large-scale IP network. We have applied this algorithm to data provided by the well-known large-scale American IP network, the Abilene Network. The developed SVM algorithm classifies the network traffic into two classes, namely normal and abnormal. The algorithm has been run on real data collected with the NetFlow protocol and has yielded satisfactory results, with a classification rate above 96% and a false alarm rate below 10%.

Keywords: 

anomaly detection, genetic algorithms, SMO, IP network, supervised learning, support vector machines (SVM), true negative ratio, true positive ratio
