Abstract
As a crucial issue in computer network security, anomaly detection is receiving more and more attention from both the application and theoretical points of view. In this paper, a novel anomaly detection scheme is proposed. It detects anomalous network traffic that either has an extremely large value on some original feature, by means of the major component, or does not follow the correlation structure of normal traffic, by means of the minor component. By introducing the kernel trick, the non-linearity of network traffic can be well addressed. To save processing time, a simplified version is also proposed, in which only the major component is adopted. Experimental results validate the effectiveness of the proposed scheme.
This work is supported by National Fundamental Research Development (973) under the contract 2003CB314805.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tong, H. et al. (2005). Anomaly Internet Network Traffic Detection by Kernel Principle Component Classifier. In: Wang, J., Liao, XF., Yi, Z. (eds) Advances in Neural Networks – ISNN 2005. ISNN 2005. Lecture Notes in Computer Science, vol 3498. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11427469_77
DOI: https://doi.org/10.1007/11427469_77
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25914-5
Online ISBN: 978-3-540-32069-2
eBook Packages: Computer Science, Computer Science (R0)