Traffic Anomaly Identification Using Multi-Class Support Vector Machine

Detection of Anomalous Traffic Patterns Using a Multi-Class SVM

  • Received : 2013.02.27
  • Accepted : 2013.04.11
  • Published : 2013.04.30

Abstract

This paper suggests a new method of detecting attacks of network traffic by visualizing original traffic data and applying multi-class SVM (support vector machine). The proposed method first generates 2D images from IP and ports of transmitters and receivers, and extracts linear patterns and high intensity values from the images, representing traffic attacks. It then obtains variance of ports of transmitters and receivers and extracts the number of clusters and entropy features using ISODATA algorithm. Finally, it determines through multi-class SVM if the traffic data contain DDoS, DoS, Internet worm, or port scans. Experimental results show that the suggested multi-class SVM-based algorithm can more effectively detect network traffic attacks.

This paper proposes a new method that automatically detects traffic attacks by visualizing network traffic data and applying a multi-class SVM to the visualized data. The proposed method first visualizes the IP and port information of senders and receivers as a two-dimensional image, then extracts from that image the lines and high-intensity patterns that indicate traffic attacks. It then computes the variance of the sender and receiver ports and extracts the number of clusters and an entropy feature using the ISODATA clustering algorithm. The extracted feature values are then fed to a multi-class SVM (Support Vector Machine), which effectively detects and classifies whether the network traffic is normal traffic, DDoS, DoS, an Internet worm, or a port scan. The experiments in this paper show that the proposed multi-class SVM-based method detects and classifies network traffic attacks more effectively.
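The feature-extraction stage the abstract describes, as an added example that is not the paper's code: it builds the two-dimensional source-port by destination-port image from constructed flow records and derives line-length, peak-intensity, port-variance and port-entropy features. The bin size, the record layout and the sample traffic are assumptions, and the ISODATA clustering and SVM stages are not included.

```python
# Added example, not code from the paper: extracts features of the kind the
# abstract lists (line pattern, peak intensity, port variance, port entropy)
# from constructed flow records. Bucket size and record layout are assumptions.
import math
import statistics
from collections import Counter

BUCKETS = 64                 # assumed: 65536 ports folded into 64 bins per axis
BIN = 65536 // BUCKETS

def traffic_image(flows):
    """2D image indexed by (src-port bin, dst-port bin); value = flow count."""
    img = Counter()
    for _src_ip, _dst_ip, sport, dport in flows:
        img[(sport // BIN, dport // BIN)] += 1
    return img

def longest_line(img):
    """Length of the longest horizontal or vertical run of occupied cells.
    A port sweep from one source fills a whole row; a flood occupies one cell."""
    rows = Counter(s for s, _ in img)
    cols = Counter(d for _, d in img)
    return max(max(rows.values()), max(cols.values()))

def entropy(values):
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def features(flows):
    """Feature vector a classifier such as the paper's multi-class SVM would consume."""
    img = traffic_image(flows)
    sports = [f[2] for f in flows]
    dports = [f[3] for f in flows]
    return {
        "max_intensity": max(img.values()),
        "line_len": longest_line(img),
        "src_port_var": statistics.pvariance(sports),
        "dst_port_var": statistics.pvariance(dports),
        "dst_port_entropy": entropy(dports),
    }

# Constructed samples: (src_ip, dst_ip, src_port, dst_port)
PORT_SCAN = [("10.0.0.5", "10.0.0.9", 40000, p) for p in range(1, 65536, BIN)]
DOS_FLOOD = [("10.0.0.%d" % (i % 7), "10.0.0.9", 50000 + i % 3, 80) for i in range(300)]
NORMAL = [("10.0.0.%d" % (i % 5), "10.0.0.9", 40000 + i * 1777,
           [80, 443, 8080, 3306][i % 4]) for i in range(10)]

if __name__ == "__main__":
    for name, flows in (("scan", PORT_SCAN), ("flood", DOS_FLOOD), ("normal", NORMAL)):
        print(name, features(flows))
```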


Cited by

  1. An Efficient One Class Classifier Using Gaussian-based Hyper-Rectangle Generation vol.41, pp.2, 2018, https://doi.org/10.11627/jkise.2018.41.2.056