Unsupervised ensemble anomaly detection through time-periodical packet sampling

Shuichi Nawata*, Masato Uchida, Yu Gu, Masato Tsuru, Yuji Oie

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)


We propose an anomaly detection method that trains a baseline model describing the normal behavior of network traffic without using manually labeled traffic data. The trained baseline model is used as the basis for comparison with the audit network traffic. The proposed method can be carried out in an unsupervised manner through the use of time-periodical packet sampling for a different purpose from which it was intended. That is, we take advantage of the lossy nature of packet sampling for the purpose of extracting normal packets from the unlabeled original traffic data. By using real traffic traces, we show that the proposed method is comparable in terms of false positive and false negative rates on detecting anomalies regarding TCP SYN packets to the conventional method that requires manually labeled traffic data to train the baseline model. In addition, in order to mitigate the possible performance variation due to probabilistic nature of sampled traffic data, we devise an ensemble anomaly detection method that exploits multiple baseline models in parallel. Experimental results show that the proposed ensemble anomaly detection performs well and is not affected by the variability of time-periodical packet sampling.

Original languageEnglish
Title of host publicationINFOCOM 2010 - IEEE Conference on Computer Communications Workshops
Publication statusPublished - 2010 Jun 29
Externally publishedYes
EventIEEE Conference on Computer Communications Workshops, INFOCOM 2010 - San Diego, CA, United States
Duration: 2010 Mar 152010 Mar 19

Publication series

NameProceedings - IEEE INFOCOM
ISSN (Print)0743-166X


OtherIEEE Conference on Computer Communications Workshops, INFOCOM 2010
Country/TerritoryUnited States
CitySan Diego, CA

ASJC Scopus subject areas

  • Computer Science(all)
  • Electrical and Electronic Engineering


Dive into the research topics of 'Unsupervised ensemble anomaly detection through time-periodical packet sampling'. Together they form a unique fingerprint.

Cite this