Network Anomaly Detection

Anomaly detection systems flag observed activity that deviates significantly from an established profile of normal usage. The paradigm takes the attitude that whatever is abnormal is probably suspicious.

Current Members: Mahbod Tavallaee

Previous Members: Wei Lu
Overview

Traditional anomaly detection approaches tend to generate a large number of false alerts, both because the features they rely on are poorly chosen and because of inherent weaknesses in the detection algorithms themselves. Features are selected or constructed to characterize the behaviour of networks, users or systems; anomaly detection algorithms then model these features and raise alerts according to some decision strategy, typically a threshold on how far an observation departs from the learned profile.
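The following Python sketch is an added example, not code from the original page or from the project it describes. It implements the pipeline just described with one detection agent per traffic feature: each agent learns a normal-usage profile (median and median absolute deviation, a choice made here for robustness and not the project's own wavelet or covariance models) from a training window, scores new observations with a modified z-score, and flags those above a threshold. A correlation step then reports a time slot only when at least two agents agree, which is the kind of suppression of isolated false alerts that this project combines with multiple agents. The feature names, the threshold of 3.5 and all traffic values are constructed assumptions.

```python
"""Profile-based anomaly detection with per-feature agents and a correlation step.
Added example with constructed data; not the original page's or project's code."""
from statistics import median
from typing import Dict, List, Tuple

Profile = Tuple[float, float]       # (median, median absolute deviation)
Observation = Dict[str, float]      # feature name -> value for one time slot

# Constructed training window: nine "normal" one-minute slots (assumed data).
TRAINING: List[Observation] = [
    {"conn_per_min": 40, "distinct_dst_ports": 3, "bytes_per_flow": 1200},
    {"conn_per_min": 42, "distinct_dst_ports": 4, "bytes_per_flow": 1350},
    {"conn_per_min": 38, "distinct_dst_ports": 3, "bytes_per_flow": 1100},
    {"conn_per_min": 45, "distinct_dst_ports": 5, "bytes_per_flow": 1400},
    {"conn_per_min": 41, "distinct_dst_ports": 4, "bytes_per_flow": 1250},
    {"conn_per_min": 39, "distinct_dst_ports": 3, "bytes_per_flow": 1300},
    {"conn_per_min": 43, "distinct_dst_ports": 4, "bytes_per_flow": 1150},
    {"conn_per_min": 44, "distinct_dst_ports": 5, "bytes_per_flow": 1280},
    {"conn_per_min": 40, "distinct_dst_ports": 4, "bytes_per_flow": 1220},
]

# Constructed slots to score: normal, a lone large file transfer, a port scan, normal.
OBSERVED: List[Observation] = [
    {"conn_per_min": 43, "distinct_dst_ports": 4, "bytes_per_flow": 1260},
    {"conn_per_min": 42, "distinct_dst_ports": 4, "bytes_per_flow": 9000},
    {"conn_per_min": 120, "distinct_dst_ports": 60, "bytes_per_flow": 90},
    {"conn_per_min": 39, "distinct_dst_ports": 3, "bytes_per_flow": 1190},
]


def learn_profile(values: List[float], mad_floor: float = 1e-6) -> Profile:
    """Median/MAD profile of one feature; the floor stops a constant feature
    from producing a division by zero later on."""
    m = median(values)
    mad = median(abs(v - m) for v in values)
    return m, max(mad, mad_floor)


def learn_profiles(window: List[Observation]) -> Dict[str, Profile]:
    """One profile per feature, learned from a window of normal traffic."""
    return {f: learn_profile([obs[f] for obs in window]) for f in window[0]}


def modified_z(value: float, profile: Profile) -> float:
    """Modified z-score; 0.6745 scales the MAD to be comparable with sigma."""
    m, mad = profile
    return 0.6745 * (value - m) / mad


def agent_alerts(obs: Observation, profiles: Dict[str, Profile],
                 threshold: float = 3.5) -> Dict[str, float]:
    """Every feature is its own detection agent: return the features whose
    agent flags this slot, with the score that triggered the decision."""
    scores = {f: modified_z(obs[f], profiles[f]) for f in profiles}
    return {f: round(z, 2) for f, z in scores.items() if abs(z) > threshold}


def correlate(per_slot: List[Dict[str, float]],
              min_agents: int = 2) -> List[Tuple[int, List[str]]]:
    """Correlation step: report a slot only when at least min_agents agents
    flagged it, so a single-feature outlier is not reported on its own."""
    return [(i, sorted(flags)) for i, flags in enumerate(per_slot)
            if len(flags) >= min_agents]


def run(training: List[Observation] = TRAINING,
        observed: List[Observation] = OBSERVED,
        threshold: float = 3.5, min_agents: int = 2):
    profiles = learn_profiles(training)
    per_slot = [agent_alerts(obs, profiles, threshold) for obs in observed]
    return per_slot, correlate(per_slot, min_agents)


if __name__ == "__main__":
    per_slot, incidents = run()
    for i, flags in enumerate(per_slot):
        print(f"slot {i}: agent flags {flags}")
    print("correlated incidents:", incidents)
```

With this data the file-transfer slot is flagged by the bytes-per-flow agent alone and is dropped by the correlation step, while the port-scan slot is flagged by all three agents and is reported; lowering `min_agents` to 1 turns the lone transfer back into a reported alert, which is the false-positive trade-off the overview is about. The profiles here are learned once; a self-learning variant would re-run `learn_profiles` over a sliding window of slots that no agent flagged.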
Alert correlation was proposed to reduce the number of false alerts. In alert correlation, several components that analyze the raw alerts provide a high-level view of the security state of the network under surveillance, offering the potential to relieve system administrators of the flood of false alerts. A major limitation of alert correlation, however, is that it neglects the underlying cause of the false alerts, even though its correlation techniques can reduce the number of false positives that reach the operator. In this project we address this limitation and propose a multi-agent anomaly detection system that combines a large number of different detection agents with various features drawn from different sources. The main goal of the project is to minimize the number of false alerts through the system's self-learning capability.

Related Publications
Wei Lu and Ali A. Ghorbani. "Network Anomaly Detection Based on Wavelet Analysis". Accepted by EURASIP Journal on Advances in Signal Processing, in press, volume 2009 (2009), article ID 837601, 16 pages, doi:10.1155/2009/837601. [PDF]
Wei Lu, Mahbod Tavallaee and Ali A. Ghorbani. "Detecting Network Anomalies Using Different Wavelet Basis Functions." Proceedings of 6th Annual Conference on Communication Networks and Services Research (CNSR 2008), Halifax, Nova Scotia, pp. 149-156, 2008. [PDF]
Mahbod Tavallaee, Wei Lu, Arif Iqbal and Ali A. Ghorbani. "A Novel Covariance Matrix Based Approach for Detecting Network Anomalies." Proceedings of 6th Annual Conference on Communication Networks and Services Research (CNSR 2008), Halifax, Nova Scotia, pp. 75-81, 2008. [PDF]