Network anomaly detection using a commute distance based approach

Nguyen Lu Dang Khoa, Tahereh Babaie, Sanjay Chawla, Zainab Zaidi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Scopus citations

Abstract

We propose the use of commute distance, a random walk metric, to discover anomalies in network traffic data. The commute distance based anomaly detection approach has several advantages over Principal Component Analysis (PCA), which is the method of choice for this task: (i) it generalizes both distance-based and density-based anomaly detection techniques, while PCA is primarily distance-based; (ii) it is agnostic about the underlying data distribution, while PCA is based on the assumption that the data follow a Gaussian distribution; and (iii) it is more robust than PCA, i.e., a perturbation of the underlying data or a change in the parameters used has a less significant effect on its output than on that of PCA. Experiments and analysis on simulated and real datasets are used to validate our claims.

Original language: English
Title of host publication: Proceedings - 10th IEEE International Conference on Data Mining Workshops, ICDMW 2010
Pages: 943-950
Number of pages: 8
State: Published - 2010
Externally published: Yes
Event: 10th IEEE International Conference on Data Mining Workshops, ICDMW 2010 - Sydney, NSW, Australia
Duration: Dec 14 2010 to Dec 17 2010

Publication series

Name: Proceedings - IEEE International Conference on Data Mining, ICDM
ISSN (Print): 1550-4786

Conference

Conference: 10th IEEE International Conference on Data Mining Workshops, ICDMW 2010
Country/Territory: Australia
City: Sydney, NSW
Period: 12/14/10 to 12/17/10

Keywords

  • Commute distance based approach
  • Density-based approach
  • Distance-based approach
  • Network anomaly detection
  • Principal component analysis
