Research Article

An Application on Anomaly Detection with Robust Principal Component Analysis

Year 2024, Volume: 19 Issue: 1, 107 - 112, 28.03.2024
https://doi.org/10.55525/tjst.1293057

Abstract

Providing a secure network environment is an important problem because of the growing number of threats and attacks against digital systems. Applying methods such as anomaly detection can help detect any anomalous traffic volume. Various statistical and machine learning approaches, including robust statistical methods, are used to detect network anomalies. Robust methods are a good tool that helps identify abnormal traffic patterns and distinguish them accurately from normal traffic. In this study, a robust Principal Component Analysis (PCA) method called ROBPCA, known for its widespread use in the chemometrics and genetics literature, is used to detect network anomalies and is compared with another robust PCA method called PCAGRID. The anomaly detection performance of these methods is evaluated by injecting synthetic traffic volume into a well-known traffic matrix. According to the application results, the ROBPCA method is seen to provide better performance in anomaly detection.


An Application of Robust Principal Component Analysis Methods for Anomaly Detection


Abstract

Ensuring a secure network environment is crucial, especially with the increasing number of threats and attacks on digital systems. Implementing effective security measures, such as anomaly detection, can help detect any abnormal traffic patterns. Several statistical and machine learning approaches, including robust statistical methods, are used to detect network anomalies. Robust methods can help identify abnormal traffic patterns and distinguish them accurately from normal traffic. In this study, a robust Principal Component Analysis (PCA) method called ROBPCA, which is known for its extensive use in the chemometrics and genetics literature, is used to detect network anomalies and is compared with another robust PCA method called PCAGRID. The anomaly detection performance of these methods is evaluated by injecting synthetic traffic volume into a well-known traffic matrix. According to the application results, when the normal subspace is contaminated with large anomalies, the ROBPCA method provides much better performance in detecting anomalies.

There are 27 citations in total.

Details

Primary Language: English
Subjects: Machine Learning (Other), Data Engineering and Data Science
Journal Section: TJST
Authors:

Kübra Bağcı Genel (ORCID 0000-0002-6679-9738)

H. Eray Çelik (ORCID 0000-0001-7490-8124)

Publication Date: March 28, 2024
Submission Date: May 5, 2023
Published in Issue: Year 2024, Volume: 19, Issue: 1

Cite

APA Bağcı Genel, K., & Çelik, H. E. (2024). An Application of Robust Principal Component Analysis Methods for Anomaly Detection. Turkish Journal of Science and Technology, 19(1), 107-112. https://doi.org/10.55525/tjst.1293057