Science – Future of Lithuania / Mokslas – Lietuvos Ateitis, Vol 8, No 3 (2016)

Outlier Detection Method Use for the Network Flow Anomaly Detection

Rimas Ciplinskas (Vilnius Gediminas Technical University, Lithuania)
Nerijus Paulauskas (Vilnius Gediminas Technical University, Lithuania)

Abstract


New and existing methods of cyber-attack detection are constantly being developed and improved because there is a great number of attacks and a demand for protection from them. In practice, current methods of attack detection operate like antivirus programs, i.e. signatures of known attacks are created and attacks are detected by using them. These methods have a drawback: they cannot detect new attacks. As a solution, anomaly detection methods are used. They make it possible to detect deviations from normal network behaviour that may indicate a new type of attack. This article introduces a new method that detects network flow anomalies by using the local outlier factor algorithm. The research identified groups of features which showed the best results of anomalous flow detection according to the highest values of precision, recall and F-measure.

Article in: Lithuanian

Article published: 2016-06-29

Keyword(s): anomaly; anomaly detection methods; LOF; network flow; network attack.

DOI: 10.3846/mla.2016.928

Full Text: PDF

Science – Future of Lithuania / Mokslas – Lietuvos Ateitis ISSN 2029-2341, eISSN 2029-2252
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 License.