Feature Extraction for Novelty Detection in Network Traffic
- URL: http://arxiv.org/abs/2006.16993v2
- Date: Thu, 10 Jun 2021 15:58:34 GMT
- Title: Feature Extraction for Novelty Detection in Network Traffic
- Authors: Kun Yang, Samory Kpotufe, Nick Feamster
- Abstract summary: Data representation plays a critical role in the performance of novelty detection methods in machine learning.
We release an open-source tool, an accompanying Python library, and an end-to-end pipeline for novelty detection in network traffic.
- Score: 18.687465197576415
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Data representation plays a critical role in the performance of novelty
detection (or "anomaly detection") methods in machine learning. The data
representation of network traffic often determines the effectiveness of these
models as much as the model itself. The wide range of novel events that network
operators need to detect (e.g., attacks, malware, new applications, changes in
traffic demands) introduces the possibility for a broad range of possible
models and data representations. In each scenario, practitioners must spend
significant effort extracting and engineering features that are most predictive
for that situation or application. While anomaly detection is well-studied in
computer networking, much existing work develops specific models that presume a
particular representation -- often IPFIX/NetFlow. Yet, other representations
may result in higher model accuracy, and the rise of programmable networks now
makes it more practical to explore a broader range of representations. To
facilitate such exploration, we develop a systematic framework, open-source
toolkit, and public Python library that makes it both possible and easy to
extract and generate features from network traffic and perform an end-to-end
evaluation of these representations across most prevalent modern novelty
detection models. We first develop and publicly release an open-source tool, an
accompanying Python library (NetML), and end-to-end pipeline for novelty
detection in network traffic. Second, we apply this tool to five different
novelty detection problems in networking, across a range of scenarios from
attack detection to novel device detection. Our findings offer general insights and
guidelines concerning which features appear to be more appropriate for
particular situations.
Related papers
- Open-Set Deepfake Detection: A Parameter-Efficient Adaptation Method with Forgery Style Mixture [58.60915132222421]
We introduce an approach that is both general and parameter-efficient for face forgery detection.
We design a forgery-style mixture formulation that augments the diversity of forgery source domains.
We show that the designed model achieves state-of-the-art generalizability with significantly reduced trainable parameters.
arXiv Detail & Related papers (2024-08-23T01:53:36Z)
- GM-DF: Generalized Multi-Scenario Deepfake Detection [49.072106087564144]
Existing face forgery detection usually follows the paradigm of training models in a single domain.
In this paper, we elaborately investigate the generalization capacity of deepfake detection models when jointly trained on multiple face forgery detection datasets.
arXiv Detail & Related papers (2024-06-28T17:42:08Z)
- Visual Prompting Upgrades Neural Network Sparsification: A Data-Model Perspective [64.04617968947697]
We introduce a novel data-model co-design perspective: to promote superior weight sparsity.
Specifically, customized Visual Prompts are mounted to upgrade neural Network sparsification in our proposed VPNs framework.
arXiv Detail & Related papers (2023-12-03T13:50:24Z)
- Language Models for Novelty Detection in System Call Traces [0.27309692684728604]
This paper introduces a novelty detection methodology that relies on a probability distribution over sequences of system calls.
The proposed methodology requires minimal expert hand-crafting and achieves an F-score and AuROC greater than 95% on most novelties.
The source code and trained models are publicly available on GitHub while the datasets are available on Zenodo.
arXiv Detail & Related papers (2023-09-05T13:11:40Z)
- Leveraging a Probabilistic PCA Model to Understand the Multivariate Statistical Network Monitoring Framework for Network Security Anomaly Detection [64.1680666036655]
We revisit anomaly detection techniques based on PCA from a probabilistic generative model point of view.
We have evaluated the mathematical model using two different datasets.
arXiv Detail & Related papers (2023-02-02T13:41:18Z)
- A Comprehensive Study of Real-Time Object Detection Networks Across Multiple Domains: A Survey [9.861721674777877]
Deep neural network based object detectors are continuously evolving and are used in a multitude of applications.
While safety-critical applications need high accuracy and reliability, low-latency tasks need resource and energy-efficient networks.
A reference benchmark for existing networks does not exist, nor does a standard evaluation guideline for designing new networks.
arXiv Detail & Related papers (2022-08-23T12:01:16Z)
- A Lightweight, Efficient and Explainable-by-Design Convolutional Neural Network for Internet Traffic Classification [9.365794791156972]
This paper introduces a new Lightweight, Efficient and eXplainable-by-design convolutional neural network (LEXNet) for Internet traffic classification.
LEXNet relies on a new residual block (for lightweight and efficiency purposes) and prototype layer (for explainability).
Based on a commercial-grade dataset, our evaluation shows that LEXNet succeeds to maintain the same accuracy as the best performing state-of-the-art neural network.
arXiv Detail & Related papers (2022-02-11T10:21:34Z)
- AnomMAN: Detect Anomaly on Multi-view Attributed Networks [11.331030689825258]
We propose a graph convolution-based framework, named AnomMAN, to detect Anomaly on Multi-view Attributed Networks.
According to experiments on real-world datasets, AnomMAN outperforms the state-of-the-art models.
arXiv Detail & Related papers (2022-01-08T12:49:27Z)
- Explainable Adversarial Attacks in Deep Neural Networks Using Activation Profiles [69.9674326582747]
This paper presents a visual framework to investigate neural network models subjected to adversarial examples.
We show how observing these elements can quickly pinpoint exploited areas in a model.
arXiv Detail & Related papers (2021-03-18T13:04:21Z)
- Anomaly Detection on Attributed Networks via Contrastive Self-Supervised Learning [50.24174211654775]
We present a novel contrastive self-supervised learning framework for anomaly detection on attributed networks.
Our framework fully exploits the local information from network data by sampling a novel type of contrastive instance pair.
A graph neural network-based contrastive learning model is proposed to learn informative embedding from high-dimensional attributes and local structure.
arXiv Detail & Related papers (2021-02-27T03:17:20Z)