Please use this identifier to cite or link to this item:
http://hdl.handle.net/10125/60150
Comparison of Supervised and Unsupervised Learning for Detecting Anomalies in Network Traffic
Item Summary
Title: | Comparison of Supervised and Unsupervised Learning for Detecting Anomalies in Network Traffic |
Authors: | McAndrew, Robert Hayne, Stephen Wang, Haonan |
Keywords: | Cyber Threat Intelligence and Analytics Software Technology Circle Plots, FPCA, Machine Learning, Network Anomaly Detection |
Date Issued: | 08 Jan 2019 |
Abstract: | Adversaries are always probing for vulnerable spots on the Internet so they can attack their target. By examining traffic at the firewall, we can look for anomalies that may represent these probes. To help select the right techniques we conduct comparisons of supervised and unsupervised machine learning on network flows to find sets of outliers flagged as potential threats. We apply Functional PCA and K-Means together versus Multilayer Perceptron on a real-world dataset of traffic prior to an NTP DDoS attack in January 2014; scanning activity was heightened during this pre-attack period. We partition data to evaluate detection powers of each technique and show that FPCA+Kmeans outperforms MLP. We also present a new variation of the circle plot for visualization of resulting outliers which we suggest excels at displaying multidimensional attributes of an individual IP's behavior over time. In small multiples, circle plots show a gestalt overview of traffic. |
Pages/Duration: | 10 pages |
URI: | http://hdl.handle.net/10125/60150 |
ISBN: | 978-0-9981331-2-6 |
DOI: | 10.24251/HICSS.2019.857 |
Rights: | Attribution-NonCommercial-NoDerivatives 4.0 International https://creativecommons.org/licenses/by-nc-nd/4.0/ |
Appears in Collections: |
Cyber Threat Intelligence and Analytics |
Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.
This item is licensed under a Creative Commons License