基于核密度估计的鲁棒特征选择互联网流量异常检测

2015 European Conference on Networks and Communications (EuCNC) Pub Date : 2015-08-13 DOI:10.1109/EuCNC.2015.7194122

Sara Faria Leal, M. D. L. Oliveira, R. Valadas

{"title":"基于核密度估计的鲁棒特征选择互联网流量异常检测","authors":"Sara Faria Leal, M. D. L. Oliveira, R. Valadas","doi":"10.1109/EuCNC.2015.7194122","DOIUrl":null,"url":null,"abstract":"Anomaly detection of Internet traffic is a network service of primary importance, given the constant threats that impinge on Internet security. From a statistical perspective, traffic anomalies can be considered outliers, and must be handled through effective outlier detection methods, for which feature selection is an important pre-processing step. Feature selection removes the redundant and irrelevant features from the detection process, increasing its performance. In this work, we consider outlier detection based on principal component analysis, and feature selection based on mutual information. Moreover, we address the use of kernel density estimation (KDE) to estimate themutual information, which is designed for continuous features, and avoids the discretization step of histograms. Our results, obtained using a high-quality ground-truth, clearly show the usefulness of feature selection and the superiority of KDE to estimate the mutual information, in the context of Internet traffic anomaly detection.","PeriodicalId":310313,"journal":{"name":"2015 European Conference on Networks and Communications (EuCNC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-08-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Anomaly detection of Internet traffic using robust feature selection based on kernel density estimation\",\"authors\":\"Sara Faria Leal, M. D. L. Oliveira, R. Valadas\",\"doi\":\"10.1109/EuCNC.2015.7194122\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Anomaly detection of Internet traffic is a network service of primary importance, given the constant threats that impinge on Internet security. From a statistical perspective, traffic anomalies can be considered outliers, and must be handled through effective outlier detection methods, for which feature selection is an important pre-processing step. Feature selection removes the redundant and irrelevant features from the detection process, increasing its performance. In this work, we consider outlier detection based on principal component analysis, and feature selection based on mutual information. Moreover, we address the use of kernel density estimation (KDE) to estimate themutual information, which is designed for continuous features, and avoids the discretization step of histograms. Our results, obtained using a high-quality ground-truth, clearly show the usefulness of feature selection and the superiority of KDE to estimate the mutual information, in the context of Internet traffic anomaly detection.\",\"PeriodicalId\":310313,\"journal\":{\"name\":\"2015 European Conference on Networks and Communications (EuCNC)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-08-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 European Conference on Networks and Communications (EuCNC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/EuCNC.2015.7194122\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 European Conference on Networks and Communications (EuCNC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EuCNC.2015.7194122","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

鉴于互联网安全面临的威胁不断，对互联网流量进行异常检测是一项至关重要的网络服务。从统计学的角度来看，交通异常可以视为异常点，必须通过有效的异常点检测方法进行处理，其中特征选择是重要的预处理步骤。特征选择从检测过程中去除了冗余和不相关的特征，提高了检测的性能。在这项工作中，我们考虑了基于主成分分析的离群点检测和基于互信息的特征选择。此外，我们解决了使用核密度估计(KDE)来估计相互信息的问题，该方法是针对连续特征设计的，避免了直方图的离散化步骤。在互联网流量异常检测的背景下，我们使用高质量的真值获得的结果清楚地显示了特征选择的有用性和KDE在估计互信息方面的优越性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Anomaly detection of Internet traffic using robust feature selection based on kernel density estimation

Anomaly detection of Internet traffic is a network service of primary importance, given the constant threats that impinge on Internet security. From a statistical perspective, traffic anomalies can be considered outliers, and must be handled through effective outlier detection methods, for which feature selection is an important pre-processing step. Feature selection removes the redundant and irrelevant features from the detection process, increasing its performance. In this work, we consider outlier detection based on principal component analysis, and feature selection based on mutual information. Moreover, we address the use of kernel density estimation (KDE) to estimate themutual information, which is designed for continuous features, and avoids the discretization step of histograms. Our results, obtained using a high-quality ground-truth, clearly show the usefulness of feature selection and the superiority of KDE to estimate the mutual information, in the context of Internet traffic anomaly detection.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 European Conference on Networks and Communications (EuCNC)

自引率

0.00%

发文量