Learning Centre

Performance Evaluation of a Combined Anomaly Detection Platform

 |  Login

Show simple item record

dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.author Monshizadeh, Mehrnoosh
dc.contributor.author Khatri, Vikramajeet
dc.contributor.author Atli, Buse
dc.contributor.author Kantola, Raimo
dc.contributor.author Yan, Zheng
dc.date.accessioned 2019-09-03T13:50:43Z
dc.date.available 2019-09-03T13:50:43Z
dc.date.issued 2019-07-24
dc.identifier.citation Monshizadeh , M , Khatri , V , Atli , B , Kantola , R & Yan , Z 2019 , ' Performance Evaluation of a Combined Anomaly Detection Platform ' , IEEE Access , vol. 7 , no. 2169-3536 , pp. 100964-100978 . https://doi.org/10.1109/ACCESS.2019.2930832 en
dc.identifier.issn 2169-3536
dc.identifier.other PURE UUID: ed48e09e-b7bb-4964-81d7-a9462ddf6529
dc.identifier.other PURE ITEMURL: https://research.aalto.fi/en/publications/ed48e09e-b7bb-4964-81d7-a9462ddf6529
dc.identifier.other PURE LINK: https://ieeexplore.ieee.org/document/8771247
dc.identifier.other PURE FILEURL: https://research.aalto.fi/files/36172390/08771247.pdf
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/40147
dc.description.abstract Hybrid Anomaly Detection Model (HADM) is a platform that filters network traffic and identifies malicious activities on the network. The platform applies data mining techniques to tackle effectively the security issues in high load communication networks. The platform uses a combination of linear and learning algorithms combined with protocol analyzer. The linear algorithms filter and extract distinctive attributes and features of the cyber-attacks while the learning algorithms use these attributes and features to identify new types of cyber-attacks. The protocol analyzer in this platform classifies and filters vulnerable protocols to avoid unnecessary computation load. The use of linear algorithms in conjunction with learning algorithms and protocol analyzer allows the HADM to achieve improved efficiency in terms of accuracy and computation time to detect cyber-attacks over existing solutions. While authors’ previous paper evaluated HADM efficiency (accuracy and computation time) against related studies, this paper, concentrates on HADM robustness and scalability. For this purpose, five datasets, including ISCX-2012, UNSW-NB15 Jan, UNSW-NB15 Feb, ISCX-2017, and MAWILab-2018, with various size and diverse attacks have been used. Different feature selection methods are applied to find the best features. The feature selection methods are selected based on the algorithms’ computation time and detection rate. The best algorithms are then selected through a benchmark on applied datasets and based on the metrics such as cross-entropy loss, precision, recall, and computation time. The result of HADM platform shows robustness and scalability against datasets with different size and diverse attacks. en
dc.format.extent 15
dc.format.extent 100964-100978
dc.format.mimetype application/pdf
dc.language.iso en en
dc.relation.ispartofseries IEEE Access en
dc.relation.ispartofseries Volume 7, issue 2169-3536 en
dc.rights openAccess en
dc.title Performance Evaluation of a Combined Anomaly Detection Platform en
dc.type A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä fi
dc.description.version Peer reviewed en
dc.contributor.department Department of Communications and Networking
dc.contributor.department Nokia Bell Labs
dc.contributor.department Adj. Prof Asokan N. group
dc.contributor.department Network Security and Trust
dc.contributor.department Department of Computer Science en
dc.subject.keyword Anomaly Detection
dc.subject.keyword Data Mining
dc.subject.keyword feature selection
dc.subject.keyword machine learning
dc.subject.keyword security
dc.identifier.urn URN:NBN:fi:aalto-201909035189
dc.identifier.doi 10.1109/ACCESS.2019.2930832
dc.type.version publishedVersion

Files in this item

Files Size Format View

There are no open access files associated with this item.

This item appears in the following Collection(s)

Show simple item record

Search archive

Advanced Search

article-iconSubmit a publication