Human error tolerant anomaly detection using time-periodic packet sampling

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

This paper focuses on an anomaly detection method that uses a baseline model describing the normal behavior of network traffic as the basis for comparison with the audit network traffic. In the anomaly detection method, an alarm is raised if a pattern in the current network traffic deviates from the baseline model. The baseline model is often trained using normal traffic data extracted from traffic data for which all instances (i.e., packets) are manually labeled by human experts in advance as either normal or anomalous. However, since humans are fallible, some errors are inevitable in labeling traffic data. Therefore, in this paper, we propose an anomaly detection method that is tolerant to human errors in labeling traffic data. The fundamental idea behind the proposed method is to take advantage of the lossy nature of packet sampling for the purpose of correcting/preventing human errors in labeling traffic data. By using real traffic traces, we show that the proposed method can better detect anomalies regarding TCP SYN packets than the method that relies only on human labeling.

Original languageEnglish
Title of host publicationProceedings - 2014 International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2014
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages390-395
Number of pages6
ISBN (Electronic)9781479963867
DOIs
Publication statusPublished - 2014 Mar 9
Externally publishedYes
Event6th International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2014 - Salerno, Italy
Duration: 2014 Sep 102014 Sep 12

Other

Other6th International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2014
CountryItaly
CitySalerno
Period14/9/1014/9/12

Keywords

  • Anomaly detection
  • Human error
  • Packet sampling

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Human error tolerant anomaly detection using time-periodic packet sampling'. Together they form a unique fingerprint.

  • Cite this

    Uchida, M. (2014). Human error tolerant anomaly detection using time-periodic packet sampling. In Proceedings - 2014 International Conference on Intelligent Networking and Collaborative Systems, IEEE INCoS 2014 (pp. 390-395). [7057120] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/INCoS.2014.17