{"title":"Enhanced Network Traffic Anomaly Detection: Integration of Tensor Eigenvector Centrality with Low-Rank Recovery Models","authors":"Wei Lin;Chen Li;Li Xu;Kun Xie","doi":"10.1109/TSC.2024.3433580","DOIUrl":null,"url":null,"abstract":"In service computing, network traffic anomaly detection is pivotal for monitoring and identifying irregularities in network traffic to uphold the security, reliability, and stability of networks and services. In network traffic data, centrality is exhibited as certain nodes more frequently act as communication sources or destinations, or play critical intermediary roles in the network. These structures are also among the targets of network bottlenecks and targeted attacks. Current unsupervised network traffic anomaly detection algorithms, based on low-rank tensor recovery, achieve effective detection performance by comprehensively capturing network information. However, these algorithms often neglect the underlying topological structure, focusing solely on linear data structures, which leads to overlooking the degree of traffic concentration and nonlinear data structures. It reduces the detection efficiency of abnormal traffic generated by targeted attacks. To comprehensively understand the evolution of traffic concentration over time, this study introduces a mathematical formula for tensor eigenvector edge centrality. The formula provides rankings of edge importance based on the significance of nodes and time layers, and the effectiveness of centrality is validated through structural perturbations in the network. On this basis, we design a low-rank tensor recovery model utilizing representation learning to obtain the centrality feature matrix of network traffic data. By encoding centrality for nonlinear proximity information, and incorporating the Laplacian matrix to capture nonlinear structural information in tensor decomposition, the accuracy of anomaly detection is enhanced. 
Extensive experiments on Abilene and GÉANT network traffic data demonstrate that our proposed algorithm not only achieves higher precision and recall rates in random anomalies but also performs better in detecting anomalous traffic generated by high centrality structures compared to state-of-the-art algorithms based on matrix-based anomaly detection and tensor recovery methods.","PeriodicalId":13255,"journal":{"name":"IEEE Transactions on Services Computing","volume":"17 6","pages":"3597-3612"},"PeriodicalIF":5.8000,"publicationDate":"2024-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Services Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10609543/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
About the journal:
IEEE Transactions on Services Computing encompasses the computing and software aspects of the science and technology of services innovation research and development. It places emphasis on algorithmic, mathematical, statistical, and computational methods central to services computing. Topics covered include Service Oriented Architecture, Web Services, Business Process Integration, Solution Performance Management, and Services Operations and Management. The transactions address mathematical foundations, security, privacy, agreement, contract, discovery, negotiation, collaboration, and quality of service for web services. It also covers areas like composite web service creation, business and scientific applications, standards, utility models, business process modeling, integration, collaboration, and more in the realm of Services Computing.