research-article

Network traffic anomaly detection method based on multi-scale residual classifier

Authors:

Kun WangAuthors Info & Claims

Volume 198, Issue C

Pages 206 - 216

https://doi.org/10.1016/j.comcom.2022.10.024

Published: 15 January 2023 Publication History

Abstract

In view of the current research seldom consider the multi-scale characteristics of network traffic, which may lead to an inaccurate classification of anomalies and a high false alarm rate. In this paper, a network traffic anomaly detection method based on the multi-scale residual classifier (MSRC) is proposed. We use sliding windows to divide the network traffic into subsequences with different observation scales, use the wavelet transform technology to obtain the time–frequency information of each subsequence on multiple decomposition scales, design a stacked automatic encoder (SAE) to learn the distribution of input data, calculate the reconstruction error vector by using the constructed feature space, and learn the feature information of different scales in the reconstruction error vector by using the multipath residual group, and complete traffic anomaly detection through the lightweight classifier. Experimental results show that the detection performance of the proposed method for abnormal network traffic is improved compared with the traditional method. It is proved that large observation scales and more transformation scales have positive effects on discovering the potential diversity information in the original network traffic.

References

[1]

Yuan X., He P., Zhu Q., Li X., Adversarial examples: Attacks and defenses for deep learning, IEEE Trans. Neural Netw. Learn. Syst. 30 (9) (2019) 2805–2824,.

[2]

Jamali S., Jafarzadeh P., An intelligent intrusion detection system by using hierarchically structured learning automata, Neural Comput. Appl. 28 (5) (2017) 1001–1008.

[3]

Al-Sanjary O.I., Roslan M.A.B., Helmi R.A.A., Ahmed A.A., Comparison and detection analysis of network traffic datasets using k-means clustering algorithm, J. Inf. Knowl. Manag. 19 (03) (2020).

[4]

N. Parmar, A. Sharma, H. Jain, A. Kadam, Email spam detection using naïve bayes and particle swarm optimization Volume 6 (2020) 367–373.

[5]

Hong-cheng L., Xiao-ping W., Hong-hai J., Traffic anomaly detection method in networks based on improved clustering algorithm, Chin. J. Netw. Inf. Secur. 1 (1) (2016) 66–71.

[6]

Jain M., Kaur G., Saxena V., A k-means clustering and svm based hybrid concept drift detection technique for network anomaly detection, Expert Syst. Appl. 193 (2022),.

Digital Library

[7]

Tong D., Qu Y.R., Prasanna V.K., Accelerating decision tree based traffic classification on fpga and multicore platforms, IEEE Trans. Parallel Distrib. Syst. 28 (11) (2017) 3046–3059,.

[8]

Hooshmand M.K., Hosahalli D., Network anomaly detection using deep learning techniques, CAAI Trans. Intell. Technol. 7 (2) (2022) 228–243,.

Digital Library

[9]

Albahar M., Recurrent neural network model based on a new regularization technique for real-time intrusion detection in sdn environments, Secur. Commun. Netw. 2019 (2019) 1–9,.

Digital Library

[10]

Khan M., Wang H., Riaz A., Elfatyany A., Karim S., Bidirectional lstmrnn-based hybrid deep learning frameworks for univariate time series classification, J. Supercomput. 77 (7) (2021) 7021–7045.

[11]

Goodfellow I., Pouget-Abadie J., Mirza M., Xu B., Warde-Farley D., Ozair S., Courville A., Bengio Y., Generative adversarial nets, in: Advances in Neural Information Processing Systems, Vol. 27, Curran Associates, Inc., 2014.

[12]

Li D., Chen D., Jin B., Shi L., Goh J., Ng S.-K., Mad-gan: Multivariate anomaly detection for time series data with generative adversarial networks, in: Artificial Neural Networks and Machine Learning – ICANN 2019, Springer International Publishing, 2019, pp. 703–716.

[13]

Geiger A., Liu D., Alnegheimish S., Cuesta-Infante A., Veeramachaneni K., Tadgan: Time series anomaly detection using generative adversarial networks, in: 2020 IEEE International Conference on Big Data (Big Data), 2020, pp. 33–43,.

[14]

Patil R., Sachidananda V., Peng H., Sachdeva A., Gurusamy M., Mark: Fill in the blanks through a jointgan based data augmentation for network anomaly detection, Comput. Secur. 119 (2022),.

Digital Library

[15]

Barford P., Kline J., Plonka D., Ron A., A signal analysis of network traffic anomalies, in: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurment, IMW ’02, Association for Computing Machinery, New York, NY, USA, 2002, pp. 71–82,.

Digital Library

[16]

Wang J., Wang Z., Li J., Wu J., Multilevel wavelet decomposition network for interpretable time series analysis, in: Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery Amp; Data Mining, KDD ’18, Association for Computing Machinery, New York, NY, USA, 2018, pp. 2437–2446,.

Digital Library

[17]

Chouhan N., Khan A., ur Rasheed Khan H., Network anomaly detection using channel boosted and residual learning based deep convolutional neural network, Appl. Soft Comput. 83 (2019),.

Digital Library

[18]

Cheng M., Li Q., Lv J., Liu W., Wang J., Multi-scale lstm model for bgp anomaly classification, IEEE Trans. Serv. Comput. 14 (3) (2021) 765–778,.

[19]

Lv F., Wen C., Bao Z., Liu M., Fault diagnosis based on deep learning, in: 2016 American Control Conference, ACC, 2016, pp. 6851–6856,.

[20]

Hinton G.E., Osindero S., Teh Y.W., A fast learning algorithm for deep belief nets, Neural Comput. 18 (7) (2006) 1527–1554.

Digital Library

[21]

Xie S., Girshick R., Dollár P., Tu Z., He K., Aggregated residual transformations for deep neural networks, in: 2017 IEEE Conference on Computer Vision and Pattern Recognition, CVPR, 2017, pp. 5987–5995,.

[22]

Rosà A., Chen L.Y., Binder W., Failure analysis and prediction for bigdata systems, IEEE Trans. Serv. Comput. 10 (6) (2017) 984–998,.

[23]

P. Malhotra, L. Vig, G. Shroff, P. Agarwal, et al., Long short term memory networks for anomaly detection in time series, in: Proceedings, Vol. 89, 2015, pp. 89–94.

[24]

Zong Bo, Song Qi, Min Martin Renqiang, et al., Deep autoencoding Gaussian mixture model for unsupervised anomaly detection, in: 2018 International Conference on Learning Representations, ICLR, 2018, pp. 1–19.

[25]

Chouhan N., Khan A., Network anomaly detection using channel boosted and residual learning based deep convolutional neural network, Appl. Soft Comput. 83 (2019).

Digital Library

[26]

Brynielsson J., Sharma R., Detectability of low-rate HTTP server DoS attacks using spectral analysis, in: Proceedings of 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM, IEEE, 2015, pp. 954–961.

[27]

He Y.X., Cao Q., Liu T., et al., A low-rate DoS detection method based on feature extraction using wavelet transform, J. Softw. 20 (04) (2009) 930–941.

[28]

Fouladi R.F., Ermiş O., Anarim E., A DDoS attack detection and countermeasure scheme based on DWT and auto-encoder neural network for SDN, Comput. Netw. 214 (2022).

Digital Library

[29]

Pei J., Zhong K., Jan M.A., et al., Personalized federated learning framework for network traffic anomaly detection, Comput. Netw. 209 (2022).

[30]

Yang D., Hwang M., Unsupervised and ensemble-based anomaly detection method for network security, in: Proceedings of 2022 14th International Conference on Knowledge and Smart Technology, KST, IEEE, 2022, pp. 75–79.

[31]

Patil R., Biradar R., Ravi V., et al., Network traffic anomaly detection using PCA and BiGAN, Internet Technol. Lett. 5 (1) (2022).

[32]

Yang S.U., Anomaly traffic detection based on LSTM, in: Proceedings of 2022 IEEE 10th Joint International Information Technology and Artificial Intelligence Conference (ITAIC), Vol. 10, IEEE, 2022, pp. 667–670.

[33]

Ullah I., Mahmoud Q.H., Design and development of RNN anomaly detection model for IoT networks, IEEE Access 10 (2022) 62722–62750.

Cited By

Wang W(2025)Abnormal traffic detection for Internet of Things based on an improved Residual NetworkPhysical Communication10.1016/j.phycom.2024.10240666:COnline publication date: 7-Jan-2025
https://dl.acm.org/doi/10.1016/j.phycom.2024.102406
Liu TFu YWang KDuan XWu Q(2025)A multiscale approach for network intrusion detection based on variance–covariance subspace distance and EQL v2Computers and Security10.1016/j.cose.2024.104173148:COnline publication date: 1-Jan-2025
https://dl.acm.org/doi/10.1016/j.cose.2024.104173
da Silva Ruffo VBrandão Lent DKomarchesqui MSchiavon Vde Assis MCarvalho LProença M(2024)Anomaly and intrusion detection using deep learning for software-defined networksExpert Systems with Applications: An International Journal10.1016/j.eswa.2024.124982256:COnline publication date: 5-Dec-2024
https://dl.acm.org/doi/10.1016/j.eswa.2024.124982
Show More Cited By

Index Terms

Network traffic anomaly detection method based on multi-scale residual classifier
1. Computing methodologies
  1. Machine learning
    1. Learning paradigms
      1. Supervised learning
        Supervised learning by classification
    2. Machine learning approaches
      1. Classification and regression trees
2. Networks
  1. Network services
    1. Network monitoring

Index terms have been assigned to the content through auto-classification.

Recommendations

Network Anomaly Detection Based on Traffic Prediction
SCALCOM-EMBEDDEDCOM '09: Proceedings of the 2009 International Conference on Scalable Computing and Communications; Eighth International Conference on Embedded Computing

As the development of Internet, it is more and more difficult to detect anomaly promptly and precisely. In this paper, we proposed an anomaly detection algorithm based on the predicting of multi-level wavelet detail signals synchronously. Firstly, ...
A Wavelet-Based Detection Approach to Traffic Anomalies
CIS '11: Proceedings of the 2011 Seventh International Conference on Computational Intelligence and Security

Anomaly traffic often breaks out without any omen and brings a breakdown to networks in a short time, and thus the adaptive detection of anomalies in network traffic is an important and challenging task. In this paper, we propose a wavelet-based ...
RETRACTED: Personalized federated learning framework for network traffic anomaly detection
This article has been retracted: please see Elsevier Policy on Article Withdrawal ().
This article has been retracted at the request of the Authors.
The outcomes of the experiments were obtained with a single ...

Comments

Information & Contributors

Information

Published In

cover image Computer Communications

Computer Communications Volume 198, Issue C

Jan 2023

298 pages

ISSN:0140-3664

Issue’s Table of Contents

Elsevier B.V.

Publisher

Elsevier Science Publishers B. V.

Netherlands

Publication History

Published: 15 January 2023

Author Tag

94-00

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 16 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Wang W(2025)Abnormal traffic detection for Internet of Things based on an improved Residual NetworkPhysical Communication10.1016/j.phycom.2024.10240666:COnline publication date: 7-Jan-2025
https://dl.acm.org/doi/10.1016/j.phycom.2024.102406
Liu TFu YWang KDuan XWu Q(2025)A multiscale approach for network intrusion detection based on variance–covariance subspace distance and EQL v2Computers and Security10.1016/j.cose.2024.104173148:COnline publication date: 1-Jan-2025
https://dl.acm.org/doi/10.1016/j.cose.2024.104173
da Silva Ruffo VBrandão Lent DKomarchesqui MSchiavon Vde Assis MCarvalho LProença M(2024)Anomaly and intrusion detection using deep learning for software-defined networksExpert Systems with Applications: An International Journal10.1016/j.eswa.2024.124982256:COnline publication date: 5-Dec-2024
https://dl.acm.org/doi/10.1016/j.eswa.2024.124982
Gao MWu LLi QChen W(2023)Anomaly traffic detection in IoT security using graph neural networksJournal of Information Security and Applications10.1016/j.jisa.2023.10353276:COnline publication date: 24-Aug-2023
https://dl.acm.org/doi/10.1016/j.jisa.2023.103532

View Options

View options

Figures

Tables

Media

View Issue’s Table of Contents