A holistic review of Network Anomaly Detection Systems: A comprehensive survey

Interfacing the smart cities with cyber-physical systems (CPSs) improves cyber infrastructures while introducing security vulnerabilities that may lead to severe problems such as system failure, privacy violation, and/or issues related to data integrity if security and privacy are not addressed properly. In order for the CPSs of smart cities to be designed with proactive intelligence against such vulnerabilities, anomaly detection approaches need to be employed. This chapter will provide a brief overview of the security vulnerabilities in CPSs of smart cities. Following a thorough discussion on the applicability of conventional anomaly detection schemes in CPSs of smart cities, possible adoption of distributed anomaly detection systems by CPSs of smart cities will be discussed along with a comprehensive survey of the state of the art. The chapter will discuss challenges in tailoring appropriate anomaly detection schemes for CPSs of smart cities and provide insights into future directions for the researchers working in this field.

Download Full-text

Machine Learning Based Network Anomaly Detection

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.d7271.118419 ◽

2019 ◽

Vol 8 (4) ◽

pp. 542-548 ◽

Cited By ~ 1

Keyword(s):

Anomaly Detection ◽

Dynamic Change ◽

Model Performance ◽

Accuracy Score ◽

Traffic Data ◽

Two Phase ◽

Data Set ◽

Detection Systems ◽

Network Anomaly Detection ◽

Tools And Techniques

Network Anomaly Detection Systems (NADSs) play prominent role in network security. Due to dynamic change of malware in network traffic data, traditional tools and techniques are failing to protect networks from attack penetration. In this paper we propose a two-phase model to detect and categorize anomalies. First, we selected Random Forest based on the highest accuracy-score out of eleven commonly used algorithms tested with the same set of data. The RF is used to detect anomalies and generate an extra feature named “attack-or-not”. Secondly we fed Neural Network with the data having “attack-or-not” feature to differentiate attack categories, which will help treating each type accordingly. The model performance was good, it scored 0.99 for both Precision and Recall in anomaly detection phase and 0.93 for Precision and 0.88 for Recall in attack categorization phase. We used UNSW-NB15 data set in our study.

Download Full-text

Visualization of Anomalies using Graph-Based Anomaly Detection

The International FLAIRS Conference Proceedings ◽

10.32473/flairs.v34i1.128554 ◽

2021 ◽

Vol 34 (1) ◽

Author(s):

Ramesh Paudel ◽

Lauren Tharp ◽

Dulce Kaiser ◽

William Eberle ◽

Gerald Gannod

Keyword(s):

Anomaly Detection ◽

Network Traffic ◽

False Positives ◽

Visual Context ◽

Traffic Flows ◽

Security Analysts ◽

Fast Analysis ◽

Detection Systems ◽

Potential Damage ◽

Network Anomaly Detection

Network protocol analyzers such asWireshark are valuable for analyzing network traffic but pose a challenge in that it can be difficult to determine which behaviors are out of the ordinary due to the volume of data that must be analyzed. Network anomaly detection systems can provide vital insights to security analysts to supplement protocol analyzers, but this feedback can be difficult to interpret due to the complexity of the algorithms used and the lack of context to determine the reasoning for which an event was labeled as anomalous. We present an approach for visualizing anomalies using a graph-based anomaly detection methodology that aims to provide visual context to network traffic. We demonstrate the approach using network traffic flows as an approach for aiding in the investigation and triage of anomalous network events. The simplicity of a visual representation supports fast analysis of anomalous traffic to identify true positives from false positives and prevent further potential damage.

Download Full-text