scholarly journals Multiresolution dendritic cell algorithm for network anomaly detection

2021 ◽  
Vol 7 ◽  
pp. e749
Author(s):  
David Limon-Cantu ◽  
Vicente Alarcon-Aquino
Keyword(s):  
Information Systems ◽  
Dendritic Cell ◽  
Anomaly Detection ◽  
State Of The Art ◽  
Denial Of Service ◽  
Series Data ◽  
Time Frequency ◽  
Computer Services ◽  
Dendritic Cell Algorithm ◽  
Network Anomaly Detection

Anomaly detection in computer networks is a complex task that requires the distinction of normality and anomaly. Network attack detection in information systems is a constant challenge in computer security research, as information systems provide essential services for enterprises and individuals. The consequences of these attacks could be the access, disclosure, or modification of information, as well as denial of computer services and resources. Intrusion Detection Systems (IDS) are developed as solutions to detect anomalous behavior, such as denial of service, and backdoors. The proposed model was inspired by the behavior of dendritic cells and their interactions with the human immune system, known as Dendritic Cell Algorithm (DCA), and combines the use of Multiresolution Analysis (MRA) Maximal Overlap Discrete Wavelet Transform (MODWT), as well as the segmented deterministic DCA approach (S-dDCA). The proposed approach is a binary classifier that aims to analyze a time-frequency representation of time-series data obtained from high-level network features, in order to classify data as normal or anomalous. The MODWT was used to extract the approximations of two input signal categories at different levels of decomposition, and are used as processing elements for the multi resolution DCA. The model was evaluated using the NSL-KDD, UNSW-NB15, CIC-IDS2017 and CSE-CIC-IDS2018 datasets, containing contemporary network traffic and attacks. The proposed MRA S-dDCA model achieved an accuracy of 97.37%, 99.97%, 99.56%, and 99.75% for the tested datasets, respectively. Comparisons with the DCA and state-of-the-art approaches for network anomaly detection are presented. The proposed approach was able to surpass state-of-the-art approaches with UNSW-NB15 and CSECIC-IDS2018 datasets, whereas the results obtained with the NSL-KDD and CIC-IDS2017 datasets are competitive with machine learning approaches.

scholarly journals Information fusion for anomaly detection with the dendritic cell algorithm

2010 ◽  
Vol 11 (1) ◽  
pp. 21-34 ◽  
Author(s):  
Julie Greensmith ◽  
Uwe Aickelin ◽  
Gianni Tedesco
Keyword(s):  
Dendritic Cell ◽  
Anomaly Detection ◽  
Information Fusion ◽  
Dendritic Cell Algorithm

scholarly journals Deep Semisupervised Learning-Based Network Anomaly Detection in Heterogeneous Information Systems

2022 ◽  
Vol 70 (1) ◽  
pp. 413-431
Author(s):  
Nazarii Lutsiv ◽  
Taras Maksymyuk ◽  
Mykola Beshley ◽  
Orest Lavriv ◽  
Volodymyr Andrushchak ◽  
...  
Keyword(s):  
Information Systems ◽  
Anomaly Detection ◽  
Semisupervised Learning ◽  
Heterogeneous Information ◽  
Heterogeneous Information Systems ◽  
Network Anomaly Detection

scholarly journals Towards Bio-Inspired Anomaly Detection Using the Cursory Dendritic Cell Algorithm

Algorithms ◽  
2021 ◽  
Vol 15 (1) ◽  
pp. 1
Author(s):  
Carlos Pinto ◽  
Rui Pinto ◽  
Gil Gonçalves
Keyword(s):  
Dendritic Cell ◽  
Anomaly Detection ◽  
Production Systems ◽  
Detection System ◽  
Artificial Immune Systems ◽  
Object Oriented ◽  
Research Area ◽  
Detection Problem ◽  
Network Intrusion ◽  
Dendritic Cell Algorithm

The autonomous and adaptable identification of anomalies in industrial contexts, particularly in the physical processes of Cyber-Physical Production Systems (CPPS), requires using critical technologies to identify failures correctly. Most of the existing solutions in the anomaly detection research area do not consider such systems’ dynamics. Due to the complexity and multidimensionality of CPPS, a scalable, adaptable, and rapid anomaly detection system is needed, considering the new design specifications of Industry 4.0 solutions. Immune-based models, such as the Dendritic Cell Algorithm (DCA), may provide a rich source of inspiration for detecting anomalies, since the anomaly detection problem in CPPS greatly resembles the functionality of the biological dendritic cells in defending the human body from hazardous pathogens. This paper tackles DCA limitations that may compromise its usage in anomaly detection applications, such as the manual characterization of safe and danger signals, data analysis not suitable for online classification, and the lack of an object-oriented implementation of the algorithm. The proposed approach, the Cursory Dendritic Cell Algorithm (CDCA), is a novel variation of the DCA, developed to be flexible and monitor physical industrial processes continually while detecting anomalies in an online fashion. This work’s contribution is threefold. First, it provides a comprehensive review of Artificial Immune Systems (AIS), focusing on AIS applied to the anomaly detection problem. Then, a new object-oriented architecture for the DCA implementation is described, enabling the modularity and abstraction of the algorithm stages into different classes (modules). Finally, the CDCA for the anomaly detection problem is proposed. The CDCA was successfully validated in two industrial-oriented dataset benchmarks for physical anomaly and network intrusion detection, the Skoltech Anomaly Benchmark (SKAB) and M2M using OPC UA. When compared to other algorithms, the proposed approach exhibits promising classification results. It was placed fourth on the SKAB scoreboard and presented a competitive performance with the incremental Dendritic Cell Algorithm (iDCA).

scholarly journals Model fusion of deep neural networks for anomaly detection

2021 ◽  
Vol 8 (1) ◽  
Author(s):  
Nouar AlDahoul ◽  
Hezerul Abdul Karim ◽  
Abdulaziz Saleh Ba Wazir
Keyword(s):  
Neural Networks ◽  
Anomaly Detection ◽  
Network Traffic ◽  
Large Scale ◽  
Deep Neural Networks ◽  
Denial Of Service ◽  
Traffic Data ◽  
Model Fusion ◽  
Class Weight ◽  
Network Anomaly Detection

AbstractNetwork Anomaly Detection is still an open challenging task that aims to detect anomalous network traffic for security purposes. Usually, the network traffic data are large-scale and imbalanced. Additionally, they have noisy labels. This paper addresses the previous challenges and utilizes million-scale and highly imbalanced ZYELL’s dataset. We propose to train deep neural networks with class weight optimization to learn complex patterns from rare anomalies observed from the traffic data. This paper proposes a novel model fusion that combines two deep neural networks including binary normal/attack classifier and multi-attacks classifier. The proposed solution can detect various network attacks such as Distributed Denial of Service (DDOS), IP probing, PORT probing, and Network Mapper (NMAP) probing. The experiments conducted on a ZYELL’s real-world dataset show promising performance. It was found that the proposed approach outperformed the baseline model in terms of average macro Fβ score and false alarm rate by 17% and 5.3%, respectively.

scholarly journals A DOUBLE-SHRINK AUTOENCODER FOR NETWORK ANOMALY DETECTION

2020 ◽  
Vol 36 (2) ◽  
pp. 159-172
Author(s):  
Cong Thanh Bui ◽  
Loi Cao Van ◽  
Minh Hoang ◽  
Quang Uy Nguyen
Keyword(s):  
Machine Learning ◽  
Anomaly Detection ◽  
State Of The Art ◽  
The State ◽  
The Internet ◽  
Learning Methods ◽  
Network Attacks ◽  
Machine Learning Methods ◽  
Pull Out ◽  
Network Anomaly Detection

The rapid development of the Internet and the wide spread of its applications has affected many aspects of our life. However, this development also makes the cyberspace more vulnerable to various attacks. Thus, detecting and preventing these attacks are crucial for the next development of the Internet and its services. Recently, machine learning methods have been widely adopted in detecting network attacks. Among many machine learning methods, AutoEncoders (AEs) are known as the state-of-the-art techniques for network anomaly detection. Although, AEs have been successfully applied to detect many types of attacks, it is often unable to detect some difficult attacks that attempt to mimic the normal network traffic. In order to handle this issue, we propose a new model based on AutoEncoder called Double-Shrink AutoEncoder (DSAE). DSAE put more shrinkage on the normal data in the middle hidden layer. This helps to pull out some anomalies that are very similar to normal data. DSAE are evaluated on six well-known network attacks datasets. The experimental results show that our model performs competitively to the state-of-the-art model, and often out-performs this model on the attacks group that is difficult for the previous methods.

Sign in / Sign up

Export Citation Format

Share Document