NADO: network anomaly detection using outlier approach

Authors:
Monowar H. Bhuyan;D. K. Bhattacharyya;J. K. Kalita
Affiliations:
Tezpur University, Tezpur, Assam, India;Tezpur University, Tezpur, Assam, India;University of Colorado, Colorado Springs, CO
Venue:
Proceedings of the 2011 International Conference on Communication, Computing & Security
Year:
2011

Citing 10
Cited 2

LOF: identifying density-based local outliers

SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
Pattern Recognition with Fuzzy Objective Function Algorithms

Pattern Recognition with Fuzzy Objective Function Algorithms
Mining distance-based outliers in near linear time with randomization and a simple pruning rule

Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining
An Efficient Reference-Based Approach to Outlier Detection in Large Datasets

ICDM '06 Proceedings of the Sixth International Conference on Data Mining
Data mining approaches for intrusion detection

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A Novel Covariance Matrix Based Approach for Detecting Network Anomalies

CNSR '08 Proceedings of the Communication Networks and Services Research Conference
A Novel Outlier Detection Scheme for Network Intrusion Detection Systems

ISA '08 Proceedings of the 2008 International Conference on Information Security and Assurance (isa 2008)
Critical Study of Supervised Learning Techniques in Predicting Attacks

Information Security Journal: A Global Perspective
Anomaly detection in IP networks

IEEE Transactions on Signal Processing
Toward Automated Anomaly Identification in Large-Scale Systems

IEEE Transactions on Parallel and Distributed Systems

An effective unsupervised network anomaly detection method

Proceedings of the International Conference on Advances in Computing, Communications and Informatics
A DDoS attack detection mechanism based on protocol specific traffic features

Proceedings of the Second International Conference on Computational Science, Engineering and Information Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Anomaly detection, which is an important task in any Network Intrusion Detection System (NIDS), enables discovery of known as well as unknown attacks. Anomaly detection using outlier approach is a successful network anomaly identification technique. In this paper, we describe NADO (Network Anomaly Detection using Outlier approach), an effective outlier based approach for detection of anomalies in networks. It initially clusters the normal data using a variant of the k-means clustering technique for high dimensional data. Then it calculates the reference point from each cluster and builds profiles for each cluster. Finally, it calculates the score for each candidate point w.r.t the reference points and reports as anomaly if it exceeds a user defined threshold value. We evaluate the performance of our approach with KDDcup99 intrusion dataset and other real life datasets. We show that NADO has high detection rate and low false positive rate.