http://dx.doi.org/10.5762/KAIS.2013.14.4.1942

Traffic Anomaly Identification Using Multi-Class Support Vector Machine  

Park, Young-Jae (School of Computing, Soongsil University)
Kim, Gye-Young (School of Computing, Soongsil University)
Jang, Seok-Woo (Department of Digital Media, Anyang University)
Publication Information
Journal of the Korea Academia-Industrial cooperation Society / v.14, no.4, 2013, pp. 1942-1950
Abstract
This paper proposes a new method for detecting attacks in network traffic by visualizing the original traffic data and applying a multi-class SVM (support vector machine). The proposed method first generates 2D images from the IP addresses and ports of transmitters and receivers, and extracts from the images the linear patterns and high intensity values that represent traffic attacks. It then obtains the variance of the transmitter and receiver ports and extracts the number of clusters and entropy features using the ISODATA algorithm. Finally, it determines through the multi-class SVM whether the traffic data contain DDoS, DoS, Internet worm, or port scan activity. Experimental results show that the suggested multi-class SVM-based algorithm can more effectively detect network traffic attacks.
Keywords
Learning; Morphological Operation; Multi-Class; Support Vector Machine; Traffic Anomaly
Citations & Related Records
Times Cited By KSCI: 6