Network anomaly detection using a commute distance based approach

Nguyen Lu Dang Khoa; Tahereh Babaie; Sanjay Chawla; Zainab Zaidi

doi:10.1109/ICDMW.2010.90

Network anomaly detection using a commute distance based approach

Nguyen Lu Dang Khoa, Tahereh Babaie, Sanjay Chawla, Zainab Zaidi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Citations (Scopus)

Abstract

We propose the use of commute distance, a random walk metric, to discover anomalies in network traffic data. The commute distance based anomaly detection approach has several advantages over Principal Component Analysis (PCA), which is the method of choice for this task: (i) It generalizes both distance and density based anomaly detection techniques while PCA is primarily distance-based (ii) It is agnostic about the underlying data distribution, while PCA is based on the assumption that data follows a Gaussian distribution and (iii) It is more robust compared to PCA, i.e., a perturbation of the underlying data or changes in parameters used will have a less significant effect on the output of it than PCA. Experiments and analysis on simulated and real datasets are used to validate our claims.

Original language	English
Title of host publication	Proceedings - 10th IEEE International Conference on Data Mining Workshops, ICDMW 2010
Pages	943-950
Number of pages	8
DOIs	https://doi.org/10.1109/ICDMW.2010.90
Publication status	Published - 2010
Externally published	Yes
Event	10th IEEE International Conference on Data Mining Workshops, ICDMW 2010 - Sydney, NSW, Australia Duration: 14 Dec 2010 → 17 Dec 2010

Publication series

Name	Proceedings - IEEE International Conference on Data Mining, ICDM
ISSN (Print)	1550-4786

Conference

Conference	10th IEEE International Conference on Data Mining Workshops, ICDMW 2010
Country/Territory	Australia
City	Sydney, NSW
Period	14/12/10 → 17/12/10

Keywords

Commute distance based approach
Density-based approach
Distance-based approach
Network anomaly detection
Principal component analysis

Access to Document

10.1109/ICDMW.2010.90

Cite this

@inproceedings{669bc0356d8047fe8201a6eb8e4f021b,

title = "Network anomaly detection using a commute distance based approach",

abstract = "We propose the use of commute distance, a random walk metric, to discover anomalies in network traffic data. The commute distance based anomaly detection approach has several advantages over Principal Component Analysis (PCA), which is the method of choice for this task: (i) It generalizes both distance and density based anomaly detection techniques while PCA is primarily distance-based (ii) It is agnostic about the underlying data distribution, while PCA is based on the assumption that data follows a Gaussian distribution and (iii) It is more robust compared to PCA, i.e., a perturbation of the underlying data or changes in parameters used will have a less significant effect on the output of it than PCA. Experiments and analysis on simulated and real datasets are used to validate our claims.",

keywords = "Commute distance based approach, Density-based approach, Distance-based approach, Network anomaly detection, Principal component analysis",

author = "Khoa, {Nguyen Lu Dang} and Tahereh Babaie and Sanjay Chawla and Zainab Zaidi",

year = "2010",

doi = "10.1109/ICDMW.2010.90",

language = "English",

isbn = "9780769542577",

series = "Proceedings - IEEE International Conference on Data Mining, ICDM",

pages = "943--950",

booktitle = "Proceedings - 10th IEEE International Conference on Data Mining Workshops, ICDMW 2010",

note = "10th IEEE International Conference on Data Mining Workshops, ICDMW 2010 ; Conference date: 14-12-2010 Through 17-12-2010",

}

Khoa, NLD, Babaie, T, Chawla, S & Zaidi, Z 2010, Network anomaly detection using a commute distance based approach. in Proceedings - 10th IEEE International Conference on Data Mining Workshops, ICDMW 2010., 5693397, Proceedings - IEEE International Conference on Data Mining, ICDM, pp. 943-950, 10th IEEE International Conference on Data Mining Workshops, ICDMW 2010, Sydney, NSW, Australia, 14/12/10. https://doi.org/10.1109/ICDMW.2010.90

Network anomaly detection using a commute distance based approach. / Khoa, Nguyen Lu Dang; Babaie, Tahereh; Chawla, Sanjay et al.
Proceedings - 10th IEEE International Conference on Data Mining Workshops, ICDMW 2010. 2010. p. 943-950 5693397 (Proceedings - IEEE International Conference on Data Mining, ICDM).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Network anomaly detection using a commute distance based approach

AU - Khoa, Nguyen Lu Dang

AU - Babaie, Tahereh

AU - Chawla, Sanjay

AU - Zaidi, Zainab

PY - 2010

Y1 - 2010

N2 - We propose the use of commute distance, a random walk metric, to discover anomalies in network traffic data. The commute distance based anomaly detection approach has several advantages over Principal Component Analysis (PCA), which is the method of choice for this task: (i) It generalizes both distance and density based anomaly detection techniques while PCA is primarily distance-based (ii) It is agnostic about the underlying data distribution, while PCA is based on the assumption that data follows a Gaussian distribution and (iii) It is more robust compared to PCA, i.e., a perturbation of the underlying data or changes in parameters used will have a less significant effect on the output of it than PCA. Experiments and analysis on simulated and real datasets are used to validate our claims.

AB - We propose the use of commute distance, a random walk metric, to discover anomalies in network traffic data. The commute distance based anomaly detection approach has several advantages over Principal Component Analysis (PCA), which is the method of choice for this task: (i) It generalizes both distance and density based anomaly detection techniques while PCA is primarily distance-based (ii) It is agnostic about the underlying data distribution, while PCA is based on the assumption that data follows a Gaussian distribution and (iii) It is more robust compared to PCA, i.e., a perturbation of the underlying data or changes in parameters used will have a less significant effect on the output of it than PCA. Experiments and analysis on simulated and real datasets are used to validate our claims.

KW - Commute distance based approach

KW - Density-based approach

KW - Distance-based approach

KW - Network anomaly detection

KW - Principal component analysis

UR - http://www.scopus.com/inward/record.url?scp=79951760070&partnerID=8YFLogxK

U2 - 10.1109/ICDMW.2010.90

DO - 10.1109/ICDMW.2010.90

M3 - Conference contribution

AN - SCOPUS:79951760070

SN - 9780769542577

T3 - Proceedings - IEEE International Conference on Data Mining, ICDM

SP - 943

EP - 950

BT - Proceedings - 10th IEEE International Conference on Data Mining Workshops, ICDMW 2010

T2 - 10th IEEE International Conference on Data Mining Workshops, ICDMW 2010

Y2 - 14 December 2010 through 17 December 2010

ER -

Network anomaly detection using a commute distance based approach

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this