Human error tolerant anomaly detection using time-periodic packet sampling

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

This paper focuses on an anomaly detection method that uses a baseline model describing the normal behavior of network traffic as the basis for comparison with the audit network traffic. In the anomaly detection method, an alarm is raised if a pattern in the current network traffic deviates from the baseline model. The baseline model is often trained using normal traffic data extracted from traffic data for which all instances (i.e., packets) are manually labeled by human experts in advance as either normal or anomalous. However, since humans are fallible, some errors are inevitable in labeling traffic data. Therefore, in this paper, we propose an anomaly detection method that is tolerant to human errors in labeling traffic data. The fundamental idea behind the proposed method is to take advantage of the lossy nature of packet sampling for the purpose of correcting/preventing human errors in labeling traffic data. By using real traffic traces, we show that the proposed method can better detect anomalies regarding TCP SYN packets than the method that relies only on human labeling.
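
As an added illustration, not code from the paper (whose actual algorithm is not described on this page), the Python script below runs the baseline-versus-audit scheme on constructed synthetic TCP SYN traffic and shows one plausible reason a lossy sampler can limit the damage of mislabeled training packets: a time-periodic sampler that keeps at most one packet per clock tick caps how much a burst of flood packets that a human wrongly labeled "normal" can inflate the baseline's mean and standard deviation. The trace generator, the definition of time-periodic sampling (first packet at or after each tick), the per-second SYN-count feature, the mean + k·stdev alarm rule and the error model (the analyst marks the attack start ten seconds late) are all assumptions of this example.

```python
"""Baseline-vs-audit anomaly detection on TCP SYN counts, showing how a lossy
time-periodic packet sampler bounds the damage done by mislabeled training
packets. Added illustration with constructed data; the trace, the sampler
and the detector are assumptions of this example, not the paper's method."""
import math
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float     # arrival time in seconds
    syn: bool     # TCP SYN flag set
    label: str    # human label: "normal" or "anomalous"


def make_trace(seed, seconds=600, bg_rate=20, syn_ratio=0.1,
               flood=(300, 330), flood_rate=4000):
    """Constructed synthetic trace: bg_rate packets/s of background traffic
    (a tenth of them SYNs) plus a SYN flood of flood_rate packets/s in [flood)."""
    rng = random.Random(seed)
    pkts = [Packet(sec + rng.random(), rng.random() < syn_ratio, "normal")
            for sec in range(seconds) for _ in range(bg_rate)]
    pkts += [Packet(sec + rng.random(), True, "anomalous")
             for sec in range(*flood) for _ in range(flood_rate)]
    return sorted(pkts, key=lambda p: p.ts)


def mislabel_late_start(pkts, human_start):
    """Human error model (assumed): the analyst marks the attack as starting at
    human_start, so every flood packet before that instant is labeled normal."""
    return [Packet(p.ts, p.syn, "normal")
            if p.label == "anomalous" and p.ts < human_start else p
            for p in pkts]


def time_periodic_sample(pkts, period=0.1):
    """Keep the first packet arriving at or after each tick of a period-second
    clock (assumed definition of time-periodic sampling). At most one packet
    per tick survives, so a burst of any size contributes a bounded count."""
    kept, next_tick = [], 0
    for p in pkts:                      # pkts are sorted by ts
        if p.ts >= next_tick * period:
            kept.append(p)
            next_tick = math.floor(p.ts / period) + 1
    return kept


def syn_counts(pkts, seconds):
    """SYN packets per one-second window."""
    counts = [0] * seconds
    for p in pkts:
        if p.syn:
            counts[int(p.ts)] += 1
    return counts


def train_baseline(pkts, seconds, k=3.5):
    """Baseline from the packets labeled normal: threshold = mean + k * stdev."""
    counts = syn_counts([p for p in pkts if p.label == "normal"], seconds)
    return statistics.mean(counts) + k * statistics.pstdev(counts)


def detect(audit, threshold, seconds):
    """Windows whose SYN count deviates above the baseline threshold."""
    return {w for w, c in enumerate(syn_counts(audit, seconds)) if c > threshold}


def evaluate(sample, seconds=600, human_start=310.0, audit_flood=(400, 430)):
    """Train on a (possibly mislabeled) trace, audit a second trace with a
    lower-rate flood; return (flood windows caught, normal windows flagged)."""
    train = mislabel_late_start(make_trace(seed=1), human_start)
    audit = make_trace(seed=2, flood=audit_flood, flood_rate=1000)
    if sample:
        train, audit = time_periodic_sample(train), time_periodic_sample(audit)
    alarms = detect(audit, train_baseline(train, seconds), seconds)
    truth = set(range(*audit_flood))
    return len(alarms & truth), len(alarms - truth)


if __name__ == "__main__":
    for sample in (False, True):
        hit, false = evaluate(sample)
        print(f"{'sampled' if sample else 'full trace'}: "
              f"{hit}/30 flood windows caught, {false} false alarms")
```

Run as a script, it reports for the full-trace and the sampled variant how many of the 30 flood windows in the audit trace are caught and how many normal windows are flagged. With the full trace, the ten mislabeled windows push the threshold to well over a thousand SYNs per second and the lower-rate audit flood goes unnoticed; with the sampled baseline the threshold stays at a handful of SYNs per window and essentially all flood windows are caught. With correct labels (human_start=300.0) the full-trace detector works as well, so the sampler is buying tolerance to the labeling error, not raw detection power.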

Original language: English
Title of host publication: Proceedings - 2014 International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 390-395
Number of pages: 6
ISBN (Electronic): 9781479963867
DOIs: 10.1109/INCoS.2014.17
Publication status: Published - 2014 Mar 9
Externally published: Yes
Event: 6th International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2014 - Salerno, Italy
Duration: 2014 Sep 10 - 2014 Sep 12

Other

Other: 6th International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2014
Country: Italy
City: Salerno
Period: 14/9/10 - 14/9/12

Keywords

  • Anomaly detection
  • Human error
  • Packet sampling

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications

Cite this

Uchida, M. (2014). Human error tolerant anomaly detection using time-periodic packet sampling. In Proceedings - 2014 International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2014 (pp. 390-395). [7057120] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/INCoS.2014.17

@inproceedings{49c153a93de94909ae6133207dbdc58e,
title = "Human error tolerant anomaly detection using time-periodic packet sampling",
abstract = "This paper focuses on an anomaly detection method that uses a baseline model describing the normal behavior of network traffic as the basis for comparison with the audit network traffic. In the anomaly detection method, an alarm is raised if a pattern in the current network traffic deviates from the baseline model. The baseline model is often trained using normal traffic data extracted from traffic data for which all instances (i.e., packets) are manually labeled by human experts in advance as either normal or anomalous. However, since humans are fallible, some errors are inevitable in labeling traffic data. Therefore, in this paper, we propose an anomaly detection method that is tolerant to human errors in labeling traffic data. The fundamental idea behind the proposed method is to take advantage of the lossy nature of packet sampling for the purpose of correcting/preventing human errors in labeling traffic data. By using real traffic traces, we show that the proposed method can better detect anomalies regarding TCP SYN packets than the method that relies only on human labeling.",
keywords = "Anomaly detection, Human error, Packet sampling",
author = "Masato Uchida",
year = "2014",
month = "3",
day = "9",
doi = "10.1109/INCoS.2014.17",
language = "English",
pages = "390--395",
booktitle = "Proceedings - 2014 International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2014",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}

TY - GEN

T1 - Human error tolerant anomaly detection using time-periodic packet sampling

AU - Uchida, Masato

PY - 2014/3/9

Y1 - 2014/3/9

N2 - This paper focuses on an anomaly detection method that uses a baseline model describing the normal behavior of network traffic as the basis for comparison with the audit network traffic. In the anomaly detection method, an alarm is raised if a pattern in the current network traffic deviates from the baseline model. The baseline model is often trained using normal traffic data extracted from traffic data for which all instances (i.e., packets) are manually labeled by human experts in advance as either normal or anomalous. However, since humans are fallible, some errors are inevitable in labeling traffic data. Therefore, in this paper, we propose an anomaly detection method that is tolerant to human errors in labeling traffic data. The fundamental idea behind the proposed method is to take advantage of the lossy nature of packet sampling for the purpose of correcting/preventing human errors in labeling traffic data. By using real traffic traces, we show that the proposed method can better detect anomalies regarding TCP SYN packets than the method that relies only on human labeling.

AB - This paper focuses on an anomaly detection method that uses a baseline model describing the normal behavior of network traffic as the basis for comparison with the audit network traffic. In the anomaly detection method, an alarm is raised if a pattern in the current network traffic deviates from the baseline model. The baseline model is often trained using normal traffic data extracted from traffic data for which all instances (i.e., packets) are manually labeled by human experts in advance as either normal or anomalous. However, since humans are fallible, some errors are inevitable in labeling traffic data. Therefore, in this paper, we propose an anomaly detection method that is tolerant to human errors in labeling traffic data. The fundamental idea behind the proposed method is to take advantage of the lossy nature of packet sampling for the purpose of correcting/preventing human errors in labeling traffic data. By using real traffic traces, we show that the proposed method can better detect anomalies regarding TCP SYN packets than the method that relies only on human labeling.

KW - Anomaly detection

KW - Human error

KW - Packet sampling

UR - http://www.scopus.com/inward/record.url?scp=84946692517&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84946692517&partnerID=8YFLogxK

U2 - 10.1109/INCoS.2014.17

DO - 10.1109/INCoS.2014.17

M3 - Conference contribution

SP - 390

EP - 395

BT - Proceedings - 2014 International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2014

PB - Institute of Electrical and Electronics Engineers Inc.

ER -