Unsupervised anomaly detection for network traffic using artificial immune network

Yuanquan Shi, Hong Shen

Research output: Contribution to journalArticlepeer-review

12 Citations (Scopus)

Abstract

In the existing approaches of multifarious knowledge based anomaly detection for network traffic, the priori knowledge labelled by human experts has to be consecutively updated for identification of new anomalies. Because anomalies usually show different patterns from the majority of network activities, it is hard to detect them based on the priori knowledge. Unsupervised anomaly detection using autonomous techniques without any priori knowledge is an effective strategy to overcome this drawback. In this paper, we propose a novel model of Unsupervised Anomaly Detection approach based on Artificial Immune Network (UADAIN) that consists of unsupervised clustering, cluster partition and anomaly detection. Our model uses the aiNet based unsupervised clustering approach to generate cluster centroids from network traffic, and the Cluster Centroids based Partition algorithm (CCP) then coarsely partition cluster centroids in the training phase as the self set (normal rules) and antibody set (anomalous rules). In test phase, to keep consecutive evolution of selves and antibodies, we introduce the Immune Network based Anomaly Detection model (INAD) to automatically learn and evolve the self set and antibody set. To evaluate the effectiveness of UADAIN, we conduct simulation experiments on ISCX 2012 IDS dataset and NSL-KDD dataset. In comparison with two popular anomaly detection approaches based on K-means clustering and aiNet-HC clustering, respectively, the experiment results demonstrate that UADAIN achieves better detection performance in detecting anomalies of network traffic.

Original languageEnglish
Pages (from-to)13007-13027
Number of pages21
JournalNeural Computing and Applications
Volume34
Issue number15
DOIs
Publication statusPublished - Aug 2022
Externally publishedYes

Keywords

  • Artificial immune network
  • Clustering
  • Network traffic
  • Unsupervised anomaly detection

Fingerprint

Dive into the research topics of 'Unsupervised anomaly detection for network traffic using artificial immune network'. Together they form a unique fingerprint.

Cite this