ICSNC 2014, The Ninth International Conference on Systems and Networks Communications


Improving Network Traffic Anomaly Detection for Cloud Computing Services

Authors:
Ana Cristina Oliveira
Marco Spohn
Reinaldo Gomes
Do Le Quoc
Breno Jacinto Duarte

Keywords: Network traffic anomaly detection; Cloud Computing; Entropy; Machine learning.

Abstract:
Efficient network traffic anomaly detection is a widely studied problem in avoiding attacks and unwanted use of communication infrastructures. Existing techniques to detect, prevent or monitor these attacks are usually based on known thresholds, on the construction of profiles of normal traffic patterns, or on signature pattern matching of anomalous behavior (i.e., viruses and attacks). On the other hand, there are dynamic techniques that strive to predict the system's clutter degree, i.e., the system entropy, supposing that outliers translate to anomalies. We have developed and analyzed the accuracy of a network anomaly detector for Cloud Computing Systems based on the entropy of network traffic metrics. Although entropy-based solutions do not suppose hard knowledge of the system, the results point to the need for more accurate adjustment of system parameters, taking into consideration the nature of the data, frequency of events, and the variation of metric values. To improve the results, unsupervised machine learning algorithms were added to the anomaly detection process.

Pages: 107 to 113

Copyright: Copyright (c) IARIA, 2014

Publication date: October 12, 2014

Published in: conference

ISSN: 2163-9027

ISBN: 978-1-61208-368-1

Location: Nice, France

Dates: from October 12, 2014 to October 16, 2014