ADAPTIVE REAL-TIME NETWORK MONITORING SYSTEM - Detecting Anomalous Activity with Evolving Connectionist System

Muhammad Fermi Pasha, Rahmat Budiarto, Masashi Yamada

Abstract

When diagnosing network problems, it is desirable to have a view of the traffic inside the network. This can be achieved by profiling the traffic. Fully profiled traffic can contain significant information about the network's current state, and can further be used to detect anomalous traffic and to manage the network better. Many have addressed the problem of profiling network traffic, but unfortunately no specific profile lasts forever for a particular network, since network traffic characteristics change continually with the number of nodes, the software being used, the type of access, etc. This paper introduces an online adaptive system that uses Evolving Connectionist Systems to profile network traffic in a continuous manner while at the same time trying to detect anomalous activity inside the network in real time and adapting to changes if necessary. Unlike an offline approach, which usually profiles network traffic using data previously captured over a certain period of time, an online and adaptive approach can use a shorter period of data capture and evolve its profile if the characteristics of the network traffic have changed.



Paper Citation


in Harvard Style

Fermi Pasha M., Budiarto R. and Yamada M. (2005). ADAPTIVE REAL-TIME NETWORK MONITORING SYSTEM - Detecting Anomalous Activity with Evolving Connectionist System. In Proceedings of the Second International Conference on e-Business and Telecommunication Networks - Volume 1: ICETE, ISBN 972-8865-32-5, pages 201-209. DOI: 10.5220/0001410702010209


in Bibtex Style

@conference{icete05,
author={Muhammad Fermi Pasha and Rahmat Budiarto and Masashi Yamada},
title={ADAPTIVE REAL-TIME NETWORK MONITORING SYSTEM - Detecting Anomalous Activity with Evolving Connectionist System},
booktitle={Proceedings of the Second International Conference on e-Business and Telecommunication Networks - Volume 1: ICETE},
year={2005},
pages={201-209},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001410702010209},
isbn={972-8865-32-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on e-Business and Telecommunication Networks - Volume 1: ICETE
TI - ADAPTIVE REAL-TIME NETWORK MONITORING SYSTEM - Detecting Anomalous Activity with Evolving Connectionist System
SN - 972-8865-32-5
AU - Fermi Pasha M.
AU - Budiarto R.
AU - Yamada M.
PY - 2005
SP - 201
EP - 209
DO - 10.5220/0001410702010209