{"title":"Combining MIC feature selection and feature-based MSPCA for network traffic anomaly detection","authors":"Zhaomin Chen, C. Yeo, Bu Sung Lee Francis, C. Lau","doi":"10.1109/DIPDMWC.2016.7529385","DOIUrl":null,"url":null,"abstract":"In this paper, we propose a network anomaly detection system which consists of a Maximal Information Coefficient based feature selection algorithm and a feature-based MSPCA detection algorithm, which can separate the anomalous information more efficiently. Maximal Information Coefficient can provide a good information measurement of any dependency between two random variables. MSPCA combines the benefit of PCA and wavelet analysis to reduce the effect of normal subspace contamination, which is the main challenge of PCA-based anomaly detection algorithm. We utilize multiple network flow features to describe the network traffic instead of using only volumes. To evaluate our proposed system, we test it on the DARPA 1999 dataset. The results indicate a large improvement when using our method compared to PCA-based anomaly detection algorithms.","PeriodicalId":298218,"journal":{"name":"2016 Third International Conference on Digital Information Processing, Data Mining, and Wireless Communications (DIPDMWC)","volume":"209 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"30","resultStr":"{\"title\":\"Combining MIC feature selection and feature-based MSPCA for network traffic anomaly detection\",\"authors\":\"Zhaomin Chen, C. Yeo, Bu Sung Lee Francis, C. Lau\",\"doi\":\"10.1109/DIPDMWC.2016.7529385\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we propose a network anomaly detection system which consists of a Maximal Information Coefficient based feature selection algorithm and a feature-based MSPCA detection algorithm, which can separate the anomalous information more efficiently. 
Maximal Information Coefficient can provide a good information measurement of any dependency between two random variables. MSPCA combines the benefit of PCA and wavelet analysis to reduce the effect of normal subspace contamination, which is the main challenge of PCA-based anomaly detection algorithm. We utilize multiple network flow features to describe the network traffic instead of using only volumes. To evaluate our proposed system, we test it on the DARPA 1999 dataset. The results indicate a large improvement when using our method compared to PCA-based anomaly detection algorithms.\",\"PeriodicalId\":298218,\"journal\":{\"name\":\"2016 Third International Conference on Digital Information Processing, Data Mining, and Wireless Communications (DIPDMWC)\",\"volume\":\"209 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-07-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"30\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 Third International Conference on Digital Information Processing, Data Mining, and Wireless Communications (DIPDMWC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DIPDMWC.2016.7529385\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 Third International Conference on Digital Information Processing, Data Mining, and Wireless Communications (DIPDMWC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DIPDMWC.2016.7529385","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Combining MIC feature selection and feature-based MSPCA for network traffic anomaly detection
In this paper, we propose a network anomaly detection system that consists of a Maximal Information Coefficient (MIC) based feature selection algorithm and a feature-based MSPCA detection algorithm, which can separate the anomalous information more efficiently. The Maximal Information Coefficient can provide a good information measurement of any dependency between two random variables. MSPCA combines the benefits of PCA and wavelet analysis to reduce the effect of normal subspace contamination, which is the main challenge of PCA-based anomaly detection algorithms. We utilize multiple network flow features to describe the network traffic instead of using only volumes. To evaluate our proposed system, we test it on the DARPA 1999 dataset. The results indicate a large improvement when using our method compared to PCA-based anomaly detection algorithms.