TY - GEN
T1 - Human error tolerant anomaly detection using time-periodic packet sampling
AU - Uchida, Masato
N1 - Funding Information:
This work was supported in part by the Japan Society for the Promotion of Science through Grants-in-Aid for Scientific Research (C) (26330112).
Publisher Copyright:
© 2014 IEEE.
PY - 2014/3/9
Y1 - 2014/3/9
N2 - This paper focuses on an anomaly detection method that uses a baseline model describing the normal behavior of network traffic as the basis for comparison with the audit network traffic. In the anomaly detection method, an alarm is raised if a pattern in the current network traffic deviates from the baseline model. The baseline model is often trained using normal traffic data extracted from traffic data for which all instances (i.e., packets) are manually labeled by human experts in advance as either normal or anomalous. However, since humans are fallible, some errors are inevitable in labeling traffic data. Therefore, in this paper, we propose an anomaly detection method that is tolerant to human errors in labeling traffic data. The fundamental idea behind the proposed method is to take advantage of the lossy nature of packet sampling for the purpose of correcting/preventing human errors in labeling traffic data. By using real traffic traces, we show that the proposed method can better detect anomalies regarding TCP SYN packets than the method that relies only on human labeling.
AB - This paper focuses on an anomaly detection method that uses a baseline model describing the normal behavior of network traffic as the basis for comparison with the audit network traffic. In the anomaly detection method, an alarm is raised if a pattern in the current network traffic deviates from the baseline model. The baseline model is often trained using normal traffic data extracted from traffic data for which all instances (i.e., packets) are manually labeled by human experts in advance as either normal or anomalous. However, since humans are fallible, some errors are inevitable in labeling traffic data. Therefore, in this paper, we propose an anomaly detection method that is tolerant to human errors in labeling traffic data. The fundamental idea behind the proposed method is to take advantage of the lossy nature of packet sampling for the purpose of correcting/preventing human errors in labeling traffic data. By using real traffic traces, we show that the proposed method can better detect anomalies regarding TCP SYN packets than the method that relies only on human labeling.
KW - Anomaly detection
KW - Human error
KW - Packet sampling
UR - http://www.scopus.com/inward/record.url?scp=84946692517&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84946692517&partnerID=8YFLogxK
U2 - 10.1109/INCoS.2014.17
DO - 10.1109/INCoS.2014.17
M3 - Conference contribution
AN - SCOPUS:84946692517
T3 - Proceedings - 2014 International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2014
SP - 390
EP - 395
BT - Proceedings - 2014 International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2014
A2 - Xhafa, Fatos
A2 - Koeppen, Mario
A2 - Palmieri, Francesco
A2 - Loia, Vincenzo
A2 - Barolli, Leonard
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 6th International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2014
Y2 - 10 September 2014 through 12 September 2014
ER -