Anomaly Detection and Attribution in Network
K Viswak Raj1, M Mukesh2, J.Kalaivani3
1K Viswak Raj*, Dept of Computer Science and Engineering, SRM Institute of Science and Technology Chennai. India.
2M Mukesh, Dept of Computer Science and Engineering, SRM Institute of Science and Technology Chennai. India.
3Dr. J.Kalaivani, Dept of Computer Science and Engineering, SRM Institute of Science and Technology Chennai. India.
Manuscript received on April 18, 2020. | Revised Manuscript received on July 22, 2020. | Manuscript published on April 30, 2020. | PP: 686-687 | Volume-9 Issue-4, April 2020. | Retrieval Number: C6216029320/2020©BEIESP | DOI: 10.35940/ijeat.C6216.049420
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: In this article, we address the problem of not only identifying phenomena, but also attributing the phenomenon to the movement that induces it. This leads to a combinatorial optimisation problem, which is prohibitively expensive. Instead, we design two anomaly detection algorithms that are low in complexity. The first is based on the system for cross-entropy (CE), which identifies flow anomalies and labels flow anomalies. The second algorithm detects anomalies through GLRT on the aggregated flow transformation, a compact low-dimensional representation of raw traffic flows. The two algorithms complement each other and allow the network operator to use the algorithm for flow aggregation first so that device irregularities can be identified easily. After discovery of an exception, the user can further analyse which individual flows are anomalous using the CE-based algorithm. We perform extensive performance tests and trials on synthetic and semi-synthetic data with our algorithms, as well as on real Internet traffic data gathered from the MAWI database, and finally make recommendations as to their usability.
Keywords: Cross-entropy (CE), MAWI.