Multivariate metrics of normal and anomalous network behaviors

Nong Ye; Douglas Montgomery; Kevin Mills; Mark Carson

Multivariate metrics of normal and anomalous network behaviors

Nong Ye, Douglas Montgomery, Kevin Mills, Mark Carson

Engineering, Ira A. Fulton Schools of (IAFSE)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

Detecting network anomalies is a fundamental part of day to day operations for Internet Service Providers and enterprises to maintain the efficiency and reliability of computer networks. Network anomaly detection is based on data characteristics of normal and anomalous network behaviors. Although many existing studies report univariate data characteristics of normal and anomalous network behaviors, there are few studies on multivariate data characteristics of normal and anomalous network behaviors. The goal of this study is to investigate multivariate data characteristics of normal and anomalous network behaviors using the Partial-Value Association Discovery (PVAD) algorithm. This paper illustrates the use of the PVAD algorithm to analyze network flow data of a medium size enterprise under the normal condition and an anomalous condition and reveal multivariate data characteristics of the normal and anomalous network flows in the form of multivariate data associations.

Original language	English (US)
Title of host publication	2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	55-58
Number of pages	4
ISBN (Electronic)	9783903176157
State	Published - May 16 2019
Event	2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019 - Arlington, United States Duration: Apr 8 2019 → Apr 12 2019

Publication series

Name	2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019

Conference

Conference	2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019
Country/Territory	United States
City	Arlington
Period	4/8/19 → 4/12/19

Keywords

Data mining
Multivariate data characteristics of network flows
Network anomaly detection

ASJC Scopus subject areas

Information Systems and Management
Management Science and Operations Research
Information Systems
Computer Networks and Communications

Cite this

Multivariate metrics of normal and anomalous network behaviors. / Ye, Nong; Montgomery, Douglas; Mills, Kevin et al.
2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 55-58 8717823 (2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ye, N, Montgomery, D, Mills, K & Carson, M 2019, Multivariate metrics of normal and anomalous network behaviors. in 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019., 8717823, 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019, Institute of Electrical and Electronics Engineers Inc., pp. 55-58, 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019, Arlington, United States, 4/8/19.

@inproceedings{758f0baeca4e4559bf55b8e11abe54ca,

title = "Multivariate metrics of normal and anomalous network behaviors",

abstract = "Detecting network anomalies is a fundamental part of day to day operations for Internet Service Providers and enterprises to maintain the efficiency and reliability of computer networks. Network anomaly detection is based on data characteristics of normal and anomalous network behaviors. Although many existing studies report univariate data characteristics of normal and anomalous network behaviors, there are few studies on multivariate data characteristics of normal and anomalous network behaviors. The goal of this study is to investigate multivariate data characteristics of normal and anomalous network behaviors using the Partial-Value Association Discovery (PVAD) algorithm. This paper illustrates the use of the PVAD algorithm to analyze network flow data of a medium size enterprise under the normal condition and an anomalous condition and reveal multivariate data characteristics of the normal and anomalous network flows in the form of multivariate data associations.",

keywords = "Data mining, Multivariate data characteristics of network flows, Network anomaly detection",

author = "Nong Ye and Douglas Montgomery and Kevin Mills and Mark Carson",

year = "2019",

month = may,

day = "16",

language = "English (US)",

series = "2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "55--58",

booktitle = "2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019",

note = "2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019 ; Conference date: 08-04-2019 Through 12-04-2019",

}

TY - GEN

T1 - Multivariate metrics of normal and anomalous network behaviors

AU - Ye, Nong

AU - Montgomery, Douglas

AU - Mills, Kevin

AU - Carson, Mark

PY - 2019/5/16

Y1 - 2019/5/16

N2 - Detecting network anomalies is a fundamental part of day to day operations for Internet Service Providers and enterprises to maintain the efficiency and reliability of computer networks. Network anomaly detection is based on data characteristics of normal and anomalous network behaviors. Although many existing studies report univariate data characteristics of normal and anomalous network behaviors, there are few studies on multivariate data characteristics of normal and anomalous network behaviors. The goal of this study is to investigate multivariate data characteristics of normal and anomalous network behaviors using the Partial-Value Association Discovery (PVAD) algorithm. This paper illustrates the use of the PVAD algorithm to analyze network flow data of a medium size enterprise under the normal condition and an anomalous condition and reveal multivariate data characteristics of the normal and anomalous network flows in the form of multivariate data associations.

AB - Detecting network anomalies is a fundamental part of day to day operations for Internet Service Providers and enterprises to maintain the efficiency and reliability of computer networks. Network anomaly detection is based on data characteristics of normal and anomalous network behaviors. Although many existing studies report univariate data characteristics of normal and anomalous network behaviors, there are few studies on multivariate data characteristics of normal and anomalous network behaviors. The goal of this study is to investigate multivariate data characteristics of normal and anomalous network behaviors using the Partial-Value Association Discovery (PVAD) algorithm. This paper illustrates the use of the PVAD algorithm to analyze network flow data of a medium size enterprise under the normal condition and an anomalous condition and reveal multivariate data characteristics of the normal and anomalous network flows in the form of multivariate data associations.

KW - Data mining

KW - Multivariate data characteristics of network flows

KW - Network anomaly detection

UR - http://www.scopus.com/inward/record.url?scp=85066976906&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85066976906&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85066976906

T3 - 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019

SP - 55

EP - 58

BT - 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019

Y2 - 8 April 2019 through 12 April 2019

ER -

Multivariate metrics of normal and anomalous network behaviors

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this