ABSTRACT
The application of machine learning models to network security and anomaly detection problems has grown considerably over the last decade; however, there is still no clear best practice or silver-bullet approach for addressing these problems in a general context. While deep learning is today a major breakthrough in other domains, it is difficult to say which model, or category of models, is best suited to detecting anomalous events in operational networks. We present a potential solution to fill this gap, exploring the application of ensemble-learning models to network security and anomaly detection. We investigate different ensemble-learning approaches to improve the detection of attacks and anomalies in network measurements, following a particularly promising model known as the Super Learner. The Super Learner combines the predictions of a library of base learners with weights chosen by cross-validation, and performs asymptotically as well as the best possible weighted combination of those base learners, which makes it a very powerful approach for tackling multiple problems with the same technique. We test the proposed solution on two different problems, using the well-known MAWILab dataset for the detection of network attacks and a semi-synthetic dataset for the detection of traffic anomalies in operational cellular networks. Results confirm that the Super Learner outperforms each of the single base models, opening the door to a generalizable best-practice technique for these specific domains.
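As an added illustration of the Super Learner procedure the abstract describes (this is example code, not code from the paper or its authors), the block below implements cross-validated stacking in pure Python and runs it on constructed per-flow records. Everything beyond the procedure itself is an assumption made for the example: the three features (packets per second, SYN ratio, distinct destination ports), the three base learners (logistic regression, k-NN, and a benign-profile z-score rule), the synthetic attack/benign data, and the meta-learner, which grid-searches convex weights on the simplex where the original Super Learner fits them with a non-negative least-squares solver; both minimise the same cross-validated loss.

```python
"""Super Learner (cross-validated stacking) for network anomaly detection.  Added example, not
code from the paper; pure Python so it runs offline.  ASSUMED: the base learners, flow features
and synthetic records are constructed here, and the meta-learner grid-searches convex weights on
the simplex where the original Super Learner uses a non-negative least-squares solver."""
import math
import random
from itertools import product
def sigmoid(x):  # clamp so math.exp cannot overflow on extreme scores
    return 1.0 / (1.0 + math.exp(-max(-500.0, min(500.0, x))))
def column_stats(X):  # per-column mean and standard deviation (sd floored at 1.0)
    n, d = len(X), len(X[0])
    mu = [sum(x[j] for x in X) / n for j in range(d)]
    return mu, [math.sqrt(sum((x[j] - mu[j]) ** 2 for x in X) / n) or 1.0 for j in range(d)]
def standardize(X, mu, sd):
    return [[(x[j] - mu[j]) / sd[j] for j in range(len(mu))] for x in X]
def dot(a, b):
    return sum(u * v for u, v in zip(a, b))
def mse(pred, y):
    return sum((p - t) ** 2 for p, t in zip(pred, y)) / len(y)
def make_flows(n, attack_frac=0.2):
    """Constructed per-flow records [packets/s, SYN ratio, distinct dst ports]; label 1 = attack."""
    X, y = [], []
    for _ in range(n):
        if random.random() < attack_frac:  # SYN-flood / port-scan style flow
            X.append([random.gauss(300, 80), random.gauss(0.8, 0.1), random.gauss(40, 15)]); y.append(1)
        else:                              # ordinary client traffic
            X.append([random.gauss(50, 15), random.gauss(0.1, 0.05), random.gauss(3, 1.5)]); y.append(0)
    return X, y

class Logistic:  # logistic regression by batch gradient descent on standardized features
    def __init__(self, lr=0.5, epochs=200): self.lr, self.epochs = lr, epochs
    def fit(self, X, y):
        self.mu, self.sd = column_stats(X)
        Z, n = standardize(X, self.mu, self.sd), len(X)
        self.w, self.b = [0.0] * len(Z[0]), 0.0
        for _ in range(self.epochs):
            errs = [sigmoid(dot(self.w, z) + self.b) - t for z, t in zip(Z, y)]
            self.w = [wj - self.lr * sum(e * z[j] for e, z in zip(errs, Z)) / n for j, wj in enumerate(self.w)]
            self.b -= self.lr * sum(errs) / n
        return self
    def predict(self, X):
        return [sigmoid(dot(self.w, z) + self.b) for z in standardize(X, self.mu, self.sd)]

class KNN:  # k-nearest-neighbour vote fraction in standardized feature space
    def __init__(self, k=7): self.k = k
    def fit(self, X, y):
        self.mu, self.sd = column_stats(X)
        self.Z, self.y = standardize(X, self.mu, self.sd), list(y)
        return self
    def predict(self, X):
        dist = lambda z, i: sum((a - b) ** 2 for a, b in zip(z, self.Z[i]))
        return [sum(self.y[i] for i in sorted(range(len(self.Z)), key=lambda i: dist(z, i))[:self.k]) / self.k
                for z in standardize(X, self.mu, self.sd)]

class ZScoreRule:  # profile benign traffic only; score rises once the largest |z| passes the threshold
    def __init__(self, thresh=3.0): self.thresh = thresh
    def fit(self, X, y):
        self.mu, self.sd = column_stats([x for x, t in zip(X, y) if t == 0])
        return self
    def predict(self, X):
        return [sigmoid(max(abs(v) for v in z) - self.thresh) for z in standardize(X, self.mu, self.sd)]

def simplex_grid(m, steps):  # every weight vector with entries k/steps, non-negative, summing to one
    for parts in product(range(steps + 1), repeat=m - 1):
        if sum(parts) <= steps:
            yield [p / steps for p in parts] + [(steps - sum(parts)) / steps]

class SuperLearner:
    def __init__(self, makers, folds=5, steps=20): self.makers, self.folds, self.steps = makers, folds, steps
    def fit(self, X, y):
        n, m = len(X), len(self.makers)
        Z = [[0.0] * m for _ in range(n)]  # step 1: out-of-fold prediction of learner j for record i
        idx = list(range(n)); random.shuffle(idx)
        for f in range(self.folds):
            test = idx[f::self.folds]
            train = [i for i in idx if i not in test]
            Xtr, ytr, Xte = [X[i] for i in train], [y[i] for i in train], [X[i] for i in test]
            for j, make in enumerate(self.makers):
                for i, p in zip(test, make().fit(Xtr, ytr).predict(Xte)):
                    Z[i][j] = p
        # step 2: convex weights minimising cross-validated squared error; the grid contains every
        # unit vector, so the ensemble's CV loss can never exceed that of its best single base learner
        self.cv_loss = [mse([z[j] for z in Z], y) for j in range(m)]
        self.sl_cv_loss, self.weights = min(
            (mse([dot(w, z) for z in Z], y), w) for w in simplex_grid(m, self.steps))
        self.models = [make().fit(X, y) for make in self.makers]  # step 3: refit on all the data
        return self
    def predict(self, X):
        cols = [mdl.predict(X) for mdl in self.models]
        return [dot(self.weights, [c[i] for c in cols]) for i in range(len(X))]
def run_demo(seed=7, n_train=300, n_test=200):  # train on one constructed sample, test on another
    random.seed(seed)
    Xtr, ytr = make_flows(n_train); Xte, yte = make_flows(n_test)
    sl = SuperLearner([Logistic, KNN, ZScoreRule]).fit(Xtr, ytr)
    labels = [1 if p >= 0.5 else 0 for p in sl.predict(Xte)]
    return sl, sum(a == b for a, b in zip(labels, yte)) / len(yte)
if __name__ == "__main__":
    sl, acc = run_demo()
    print("base CV MSE", sl.cv_loss, "weights", sl.weights, "SL CV MSE", sl.sl_cv_loss, "accuracy", acc)
```

Running the block prints the cross-validated loss of each base learner next to the weights and loss the Super Learner selected, followed by accuracy on a second constructed sample. Because the candidate weight vectors include every unit vector, the ensemble's cross-validated loss is never worse than that of its best single base learner; this finite-sample guarantee is the weaker counterpart of the asymptotic oracle result quoted in the abstract. The same harness can be pointed at MAWILab-style flow features by substituting a loader for make_flows; the z-score rule is included deliberately because it is fitted on benign traffic only, which is how such detectors are typically deployed on operational networks.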
Index Terms
- Ensemble-learning Approaches for Network Security and Anomaly Detection