List of Articles: Anomaly detection

      • Open Access Article

        1 - Modeling the Inter-arrival Time of Packets in Network Traffic and Anomaly Detection Using the Zipf’s Law
        Ali Naghash Asadi, Mohammad Abdollahi Azgomi
        In this paper, a new method based on Zipf's law for modeling the features of network traffic is proposed. Zipf's law is an empirical law that provides the relationship between the frequency and rank of each category in a data set. Some data sets may follow Zipf's law, but we show that each data set can be converted to a data set following Zipf's law by changing the definition of categories. We use this law to model the inter-arrival time of packets in normal network traffic, and then we show that this model can be used to simulate the inter-arrival time of packets. The advantage of this law is that it can provide high similarity using less information. Furthermore, Zipf's law can model different features of network traffic that may not follow mathematical distributions. The simple approach of this law can provide accuracy and fewer limitations in comparison to existing methods. Zipf's law can also be used as a criterion for anomaly detection. For this purpose, TCP_Flood and UDP_Flood attacks are added to the inter-arrival time of packets, and they are detected with a high detection rate. We show that Zipf's law can create an accurate model of a feature to classify the feature values and obtain the rank of its categories, and this model can be used to simulate the feature values and detect anomalies. The evaluation results of the proposed method on the MAWI and NUST traffic collections are presented in this paper.
      • Open Access Article

        2 - Fuzzy Voting for Anomaly Detection in Cluster-Based Mobile Ad Hoc Networks
        Mohammad Rahmanimanesh, Saeed Jalili
        In this paper, an attack analysis and detection method for cluster-based mobile ad hoc networks with the AODV routing protocol is proposed. The proposed method uses the anomaly detection approach for detecting attacks, in which the features required for describing the normal behavior of the AODV protocol are defined via a step-by-step analysis of the AODV protocol, independent of any attack. In order to learn the normal behavior of AODV, a fuzzy voting method is used for combining support vector data description (SVDD), mixture of Gaussians (MoG), and self-organizing map (SOM) one-class classifiers, and the combined model is utilized to partially detect the attacks in cluster members. The votes of cluster members are periodically transmitted to the cluster head, and the final decision on attack detection is carried out in the cluster head. In the proposed method, a fuzzy voting method is used for aggregating the votes of cluster members in the cluster head, by which the performance of the method improves significantly in detecting blackhole, rushing, route error fabrication, packet replication, and wormhole attacks. In this paper, an attack analysis method based on feature sensitivity ranking is also proposed that determines which features are influenced more by the mentioned attacks. This sensitivity ranking leads to the detection of the types of attacks launched on the network.
      • Open Access Article

        3 - Improving IoT Botnet Anomaly Detection Based on Dynamic Feature Selection and Hybrid Processing
        Boshra Pishgoo, Ahmad Akbari Azirani
        The complexity of real-world applications, especially in the field of the Internet of Things, has brought with it a variety of security risks. IoT botnets are known as a type of complex security attack that can be detected using machine learning tools. Detection of these attacks, on the one hand, requires the discovery of their behavior patterns using batch processing with high accuracy, and on the other hand, must operate in real time and adaptively, like stream processing. This highlights the importance of using batch/stream hybrid processing techniques for botnet detection. Among the important challenges of these processes, we can mention the selection of appropriate features to build basic models and also the intelligent selection of basic models to combine and present the final result. In this paper, we present a solution based on a combination of stream and batch learning methods with the aim of botnet anomaly detection. This approach uses a dynamic feature selection method that is based on a genetic algorithm and is fully compatible with the nature of hybrid processing. The experimental results on a data set consisting of two known types of botnets indicate that, on the one hand, the proposed approach increases the speed of hybrid processing and reduces the detection time of the botnets by reducing the number of features and removing inappropriate features, and on the other hand, increases accuracy by selecting appropriate models for combination.