Using Intuitionistic Fuzzy Set for Anomaly Detection of Network Traffic From Flow Interaction

We present a method to detect anomalies in time series of flow interaction patterns. There are many existing methods for anomaly detection in network traffic, such as the number of packets. However, there is no established method to detect anomalies in time series of flow interaction patterns that c...

Full description

Saved in:
Bibliographic Details
Published inIEEE access Vol. 6; pp. 64801 - 64816
Main Authors Wang, Jinfa, Zhao, Hai, Xu, Jiuqiang, Li, Hequn, Zhu, Hongsong, Chao, Shuai, Zheng, Chunyang
Format Journal Article
LanguageEnglish
Published Piscataway IEEE 2018
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Anomalies
Anomaly detection
Clustering
Communications traffic
complex network
Complex networks
Correlation
ensemble method
flow interaction
Fuzzy sets
Gaussian distribution
Indexes
Internet
intuitionistic fuzzy set
Multivariate analysis
multivariate flow similarity
Network traffic flow
Normal distribution
Similarity
temporal locality
Time series
Time series analysis
Traffic flow
Online AccessGet full text

Cover

More Information
Summary:We present a method to detect anomalies in time series of flow interaction patterns. There are many existing methods for anomaly detection in network traffic, such as the number of packets. However, there is no established method to detect anomalies in time series of flow interaction patterns that can be represented as complex network. First, based on the proposed multivariate flow similarity method on temporal locality, a complex network model (MFS-TL) is constructed to describe the interactive behaviors of traffic flows. After analyzing the relationships between MFS-TL characteristics, temporal locality window, and multivariate flow similarity critical threshold, an approach for parameters determination was established. Observed the evolution of MFS-TL characteristics, three non-deterministic correlations were defined for network states (i.e., normal or abnormal). Furthermore, intuitionistic fuzzy set (IFS) is introduced to quantify three non-deterministic correlations, and an anomaly detection method is put forward for single characteristic sequence. In order to build an objective IFS, we design a Gaussian distribution-based membership function with a variable hesitation degree. To determine the mapping of IFS's clustering intervals to network states, a distinction index is developed. Furthermore, an IFS ensemble method (IFSE-AD) is proposed to eliminate the impacts of the inconsistent about MFS-TL characteristic to network state and to improve detection performance. Finally, we carried out extensive experiments on some network traffic datasets, and the results validate the effectiveness of our method and demonstrate the superiority of IFSE-AD to state-of-the-art approaches.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2018.2873291