Concept-Drift Based Identification of Suspicious Activity at Specific IP Addresses using Machine Learning
P V N Rajeswari1, M. Shashi2
1PVN Rajeswari, Assoc. Professor, Dept. of Computer Science and Engineering, Visvodaya Engineering College, Kavali, AP, India.
2Dr. M. Shashi, Professor, Dept. of Computer Science and System Engineering., Andhra University, Visakhapatnam, AP, India.
Manuscript received on 03 August 2019. | Revised Manuscript received on 08 August 2019. | Manuscript published on 30 September 2019. | PP: 6651-6655 | Volume-8 Issue-3 September 2019 | Retrieval Number: C5699098319/2019©BEIESP | DOI: 10.35940/ijrte.C5699.098319
Open Access | Ethics and Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Network Intrusion detection systems(IDS), especially those that monitor Denial of Service(DoS) attack, aim at monitoring the network traffic continuously in order to identify suspicious activity possibly initiated at one or more nodes at specific IP addresses. Traditional anomaly detection based IDS methods rely on preset bounds on the magnitude of network traffic based on statistical measures and hence are not programmable based on the changes in the network traffic dynamics. The authors proposed a methodology for monitoring the changes in the network traffic received from individual source nodes based on concept drift in order to identify suspicious activity at specific nodes. The framework applies machine learning techniques to capture the normal traffic patterns of various source nodes and accordingly defines lower and upper bounds dynamically for each node. Based on the temporal analysis in successive time windows, it is able to discriminate an abrupt change from a gradual change in the magnitude of traffic received in a time window from a node to identify suspicious activity at the corresponding IP address. The effectiveness of the methodology is tested on real world data.
Keywords: Network Anomaly Detection, Concept Drift Measure, Parametric Learning and Packet Sniffer.
Scope of the Article: Machine Learning