
Network Anomaly Detection by Using a Time-Decay Closed Frequent Pattern

1 College of Information Technology, Beijing University of Chemical Technology, Beijing 100029, China
2 School of Computer Science, University of Technology Sydney, Ultimo 2007, Australia
3 Centre for Artificial Intelligence, University of Technology Sydney, Ultimo 2007, Australia
4 School of Information Technology, Deakin University, Burwood 3125, Australia
* Author to whom correspondence should be addressed.
Information 2019, 10(8), 262; https://doi.org/10.3390/info10080262
Received: 23 June 2019 / Revised: 12 August 2019 / Accepted: 14 August 2019 / Published: 17 August 2019
(This article belongs to the Section Information and Communications Technology)
Anomaly detection of network traffic flows is a non-trivial problem in the field of network security due to the complexity of network traffic. However, most machine learning-based detection methods focus on network anomaly detection but ignore the detection of anomalous user behavior. In real scenarios, anomalous network behavior may harm users' interests. In this paper, we propose an anomaly detection model based on time-decay closed frequent patterns to address this problem. The model mines closed frequent patterns from the network traffic of each user and uses a time-decay factor to weight current network traffic differently from historical traffic. Because user network behavior is dynamic, the anomaly detection framework includes a strategy for updating the detection model. Additionally, the closed frequent patterns can provide interpretable explanations for anomalies. Experimental results show that the proposed method can detect user behavior anomalies, and that its network anomaly detection performance is similar to that of state-of-the-art methods and significantly better than that of the baseline methods.
Keywords: anomaly detection; frequent pattern; user behavior
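The idea summarized in the abstract, a per-user profile of closed frequent patterns in which older traffic counts for less, can be sketched as follows. This is an added example, not the paper's algorithm or code: the exponential decay form, the thresholds, the coverage-based `anomaly_score` and the sample flows are all assumptions made for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample for one user: (time slot, flow attributes); slot 4 is the newest.
FLOWS = [
    (0, {"proto=tcp", "dport=443", "dst=cdn"}),
    (1, {"proto=tcp", "dport=443", "dst=cdn"}),
    (2, {"proto=tcp", "dport=443", "dst=mail"}),
    (3, {"proto=tcp", "dport=443", "dst=cdn"}),
    (4, {"proto=udp", "dport=53", "dst=dns"}),
]

def decayed_support(flows, now, decay):
    """Weight each flow by decay**(now - t) (assumed decay form) and sum per itemset."""
    support = defaultdict(float)
    for t, items in flows:
        weight = decay ** (now - t)
        for k in range(1, len(items) + 1):
            for combo in combinations(sorted(items), k):
                support[frozenset(combo)] += weight
    return support

def closed_frequent(flows, now, decay=0.8, min_support=1.0):
    """Keep itemsets with decayed support >= min_support and no equal-support superset."""
    support = decayed_support(flows, now, decay)
    closed = {}
    for itemset, value in support.items():
        if value < min_support:
            continue
        if any(itemset < other and abs(support[other] - value) < 1e-9 for other in support):
            continue  # a larger pattern explains the same flows, so this one is redundant
        closed[itemset] = value
    return closed

def anomaly_score(flow_items, patterns):
    """Hypothetical score: 1 minus the share of the flow covered by its best matching pattern."""
    best = max((len(p) / len(flow_items) for p in patterns if p <= flow_items), default=0.0)
    return 1.0 - best

if __name__ == "__main__":
    profile = closed_frequent(FLOWS, now=4)
    for pattern, value in sorted(profile.items(), key=lambda kv: -kv[1]):
        print(sorted(pattern), round(value, 4))
    print(anomaly_score({"proto=tcp", "dport=22", "dst=unknown"}, profile))
```

Lowering `decay` to 0.5 on the same sample drops the older HTTPS patterns below the support threshold, so only the most recent DNS pattern remains in the profile. The matched pattern for a scored flow is also the human-readable explanation of which part of it is normal.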

MDPI and ACS Style

Zhao, Y.; Chen, J.; Wu, D.; Teng, J.; Sharma, N.; Sajjanhar, A.; Blumenstein, M. Network Anomaly Detection by Using a Time-Decay Closed Frequent Pattern. Information 2019, 10, 262.
