DOI: 10.1145/3469968.3469975

Univariate Distribution Differences and Conditional Variables in Multivariate Data Associations as Network Flow Measures to Detect Network Attacks

Published: 06 October 2021

Abstract

Network flow data can be used to detect network attacks that manifest as deviations from profiles of normal network flows. This paper presents several measures of network flows to detect network attacks. These network flow measures are established from an analytical study of network flow data from benign network activities and network attacks provided by the Canadian Institute of Cybersecurity. Both univariate and multivariate analyses of network flow data are carried out to examine differences between benign network activities and network attacks in univariate frequency distributions and multivariate data associations of network flow variables. The univariate measure of network flows is established to detect network attacks using a measure of distribution difference and the number of network flow variables showing a distribution difference greater than a certain threshold. The multivariate measure of network flows is established to detect network attacks using the number of network flow variables smaller than a certain threshold and the absence of certain network flow variables in conditional variable values of multivariate data associations.

Published In

ICBDC '21: Proceedings of the 6th International Conference on Big Data and Computing
May 2021
218 pages
ISBN:9781450389808
DOI:10.1145/3469968
© 2021 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the United States Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Network flow data
  2. Network intrusion detection
  3. Univariate and multivariate data analysis

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ICBDC 2021

Bibliometrics

  • Total Citations: 0
  • Total Downloads: 22
  • Downloads (Last 12 months): 3
  • Downloads (Last 6 weeks): 0

Reflects downloads up to 28 Jan 2025
