Usage Behavior Profiling for Anomaly Detection using Vector Quantization

J. Zheng, M. Hu, and H. Zhang (PRC)

Keywords

anomaly detection; vector quantization; usage behavior profile; self-organizing map; codebook

Abstract

In network security community, anomaly detection is the research center as one of the important intrusion detection approaches. Constructing the usage behavior profile is the first important step in anomaly detection. In this paper, using the self-organizing maps (SOM), we propose to design the vector quantization (VQ) framework to build usage profile for anomaly detection. After the feature attribute extraction, the network traffic flow is translated into the feature vector style. And then, the network traffic usage behavior profile can be represented by the VQ codebook from which the behaviour deviation can be measured quantitatively. Via the intrusion detection benchmark data of “DARPA Intrusion Detection Evaluation” in experiments, it is shown that the network attacks are detected with high detection rates and low false alarms.

Important Links:



Go Back