• Title, Summary, Keyword: Anomaly Monitoring

A Probabilistic Sampling Method for Efficient Flow-based Analysis

  • Jadidi, Zahra;Muthukkumarasamy, Vallipuram;Sithirasenan, Elankayer;Singh, Kalvinder
    • Journal of Communications and Networks / v.18 no.5 / pp.818-825 / 2016
  • Network management and anomaly detection are challenges in high-speed networks due to the high volume of packets that has to be analysed. Flow-based analysis is a scalable method which reduces the high volume of network traffic by dividing it into flows. As sampling methods are extensively used in flow generators such as NetFlow, the impact of sampling on the performance of flow-based analysis needs to be investigated. Monitoring using sampled traffic is a well-studied research area; however, the impact of sampling on flow-based anomaly detection is a poorly researched area. This paper investigates flow sampling methods and shows that these methods have a negative impact on flow-based anomaly detection. Therefore, we propose an efficient probabilistic flow sampling method that can preserve flow traffic distribution. The proposed sampling method takes into account two flow features: destination IP address and octet. The destination IP addresses are sampled based on the number of received bytes. Our method provides efficient sampled traffic which has the required traffic features for both flow-based anomaly detection and monitoring. The proposed sampling method is evaluated using a number of generated flow-based datasets. The results show improvement in preserved malicious flows.

GPS Anomaly Analysis and Pseudorange Accuracy Improvement by Anomalous Satellite Elimination

  • Yoo, Yun-Ja;Cho, Deuk-Jae;Park, Sang-Hyun
    • Journal of Navigation and Port Research / v.34 no.7 / pp.511-516 / 2010
  • GPS anomaly has increased according to the degradation of satellite performance, and many GPS users could be exposed to any kind of error-included signals without any previous notice when an unscheduled error occurs. RSIM (Reference Station Integrity Monitors) is a typical monitoring method to broadcast PRC (Pseudo Range Correction) for users. However, there were some cases in which the receiver detected the anomalous satellite's signal even though it was set unhealthy, and consequently a large range error occurred. It is therefore important to monitor the integrity of the GPS signal, and it is necessary to devise a method of correcting the pseudorange by eliminating the error-occurred PRN, for notification to GPS users when monitoring shows that the anomaly occurred. This paper proposes the basic concept of how to correct the pseudorange. The paper also shows the analysis results of the PRN10 GPS anomaly that occurred on day 39 in 2007, with corrected results obtained by eliminating the anomalous satellite (PRN10). The proposed correction method shows a decreased pseudorange error range compared to the case when the anomalous satellite was used.

A Moving Window Principal Components Analysis Based Anomaly Detection and Mitigation Approach in SDN Network

  • Wang, Mingxin;Zhou, Huachun;Chen, Jia
    • KSII Transactions on Internet and Information Systems (TIIS) / v.12 no.8 / pp.3946-3965 / 2018
  • Network anomaly detection in Software Defined Networking, especially the detection of DDoS attack, has been given great attention in recent years. It is convenient to build the Traffic Matrix from a global view in SDN. However, the monitoring and management of high-volume feature-rich traffic in large networks brings significant challenges. In this paper, we propose a moving window Principal Components Analysis based anomaly detection and mitigation approach to map data onto a low-dimensional subspace and keep monitoring the network state in real-time. Once the anomaly is detected, the controller will install the defense flow table rules onto the corresponding data plane switches to mitigate the attack. Furthermore, we evaluate our approach with experiments. The Receiver Operating Characteristic curves show that our approach performs well in both detection probability and false alarm probability compared with the entropy-based approach. In addition, the mitigation effect is impressive that our approach can prevent most of the attacking traffic. At last, we evaluate the overhead of the system, including the detection delay and utilization of CPU, which is not excessive. Our anomaly detection approach is lightweight and effective.

Anomaly Detection in Medical Wireless Sensor Networks

  • Salem, Osman;Liu, Yaning;Mehaoua, Ahmed
    • Journal of Computing Science and Engineering / v.7 no.4 / pp.272-284 / 2013
  • In this paper, we propose a new framework for anomaly detection in medical wireless sensor networks, which are used for remote monitoring of patient vital signs. The proposed framework performs sequential data analysis on a mini gateway used as a base station to detect abnormal changes and to cope with unreliable measurements in collected data without prior knowledge of anomalous events or normal data patterns. The proposed approach is based on the Mahalanobis distance for spatial analysis, and a kernel density estimator for the identification of abnormal temporal patterns. Our main objective is to distinguish between faulty measurements and clinical emergencies in order to reduce false alarms triggered by faulty measurements or ill-behaved sensors. Our experimental results on both real and synthetic medical datasets show that the proposed approach can achieve good detection accuracy with a low false alarm rate (less than 5.5%).

Linear system parameter as an indicator for structural diagnosis of short span bridges

  • Kim, Chul-Woo;Isemoto, Ryo;Sugiura, Kunitomo;Kawatani, Mitsuo
    • Smart Structures and Systems / v.11 no.1 / pp.1-17 / 2013
  • This paper intended to investigate the feasibility of bridge health monitoring using a linear system parameter of a time series model identified from traffic-induced vibrations of bridges through a laboratory moving vehicle experiment on scaled model bridges. This study considered the system parameter of the bridge-vehicle interactive system rather than modal ones because signals obtained under a moving vehicle are not the responses of the bridge itself but those of the interactive system. To overcome the shortcomings of modal parameter-based bridge diagnosis using a time series model, this study considered coefficients of Autoregressive model (AR coefficients) as an early indicator of anomaly of bridges. This study also investigated sensitivity of AR coefficients in detecting anomaly of bridges. Observations demonstrated effectiveness of using AR coefficients as an early indicator for anomaly of bridges.

Anomaly Test for Ozone Concentration Data from National Air Monitoring Stations (오존 자동측정망 자료 중의 이상치 점검)

  • 김영성
    • Journal of Korean Society for Atmospheric Environment / v.15 no.2 / pp.139-150 / 1999
  • The ozone concentrations measured at the National Air Monitoring Stations between 1990 and 1995 were reviewed to detect any anomalies in the measurements. By screening the cases in which the variation of the ozone concentration from the previous measured value is greater than 75 ppb, 125 station-days were identified as the test cases for the anomaly test. Historical and parallel consistencies of the measured concentrations were examined by plotting data for each test case. The detected anomalies can be classified into four categories: single outliers, anomalous variations during the startup period, baseline rises, and fluctuations in the diurnal variations. Anomalies were detected in as many as 80 cases among the 125 test cases. Because of these anomalies, the number of hours exceeding 100 ppb in the areas other than the Greater Seoul Area (GSA) could decrease from 157 to 107. Further studies for developing the methodology for eliminating the abnormal monitoring data are warranted, because the data from the National Air Monitoring Stations are official both inside and outside the country.

Anomaly Detection using Combination of Motion Features (움직임 특징 조합을 통한 이상 행동 검출)

  • Jeon, Minseong;Cheoi, Kyung Joo
    • Journal of Korea Multimedia Society / v.21 no.3 / pp.348-357 / 2018
  • The topic of anomaly detection is one of the emerging research themes in computer vision, computer interaction, video analysis and monitoring. Observers focus attention on behaviors that vary in the magnitude or direction of the motion and behave differently in rules of motion with other objects. In this paper, we use this information and propose a system that detects abnormal behavior by using simple features extracted by optical flow. Our system can be applied in real life. Experimental results show high performance in detecting abnormal behavior in various videos.

A Development of GPS SIS Anomalies Generation Software

  • Han, Younghoon;Ko, Jaeyoung;Shin, Mi Young;Cho, Deuk Jae
    • Journal of Positioning, Navigation, and Timing / v.2 no.1 / pp.33-40 / 2013
  • In this paper, GPS signal anomaly generation software is proposed which can be used for the analysis of GPS signal anomaly effect and the design, verification, and operation test of anomalous signal monitoring technique. For the implementation of anomalous signal generation technique, anomalous signals are generated using a commercial signal generation simulator, and their effects and characteristics are analyzed. An error model equation is proposed from the result of analysis, and the anomalous signal generation software is constructed based on this equation. The proposed anomalous signal generation software has high scalability so that users can easily utilize and apply, and is economical as the additional cost for purchasing equipment is not necessary. Also, it is capable of anomalous signal generation based on real-time signal by comparing with the commercial signal generation simulator.

LSTM-based Anomaly Detection on Big Data for Smart Factory Monitoring (스마트 팩토리 모니터링을 위한 빅 데이터의 LSTM 기반 이상 탐지)

  • Nguyen, Van Quan;Van Ma, Linh;Kim, Jinsul
    • Journal of Digital Contents Society / v.19 no.4 / pp.789-799 / 2018
  • This article presents a machine learning based approach on Big data to analyzing time series data for anomaly detection in such industrial complex systems. Long Short-Term Memory (LSTM) networks have been demonstrated to be an improved version of RNN and have become a useful aid for many tasks. This LSTM based model learns the higher level temporal features as well as temporal patterns; the predictor is then used in the prediction stage to estimate future data. The prediction error is the difference between the predicted output made by the predictor and the actual incoming values. An error-distribution estimation model is built using a Gaussian distribution to calculate the anomaly score of the observation. In this manner, we move from the concept of a single anomaly to the idea of the collective anomaly. This work can assist the monitoring and management of Smart Factory in minimizing failure and improving manufacturing quality.

Detection algorithm of ionospheric delay anomaly based on multi-reference stations for ionospheric scintillation

  • Yoo, Yun-Ja;Cho, Deuk-Jae;Park, Sang-Hyun;Shin, Mi-Young
    • Journal of Navigation and Port Research / v.35 no.9 / pp.701-706 / 2011
  • Radio waves including GPS signals, various TV communications, and radio broadcasting can be disturbed by a strong solar storm, which may occur due to solar flares and produce an ionospheric delay anomaly in the ionosphere according to the change of total electron content. Electron density irregularities can cause deep signal fading, frequently known as ionospheric scintillation, which can result in the positioning error using GPS signal. This paper proposes a detection algorithm for the ionosphere delay anomaly during a solar storm by using multi-reference stations. Different TEC grid which has irregular electron density was applied above one reference station. Then the ionospheric delay in zenith direction applied different TEC will show comparatively large ionospheric zenith delay due to the electron irregularity. The ionospheric slant delay applied an elevation angle at reference station was analyzed to detect the ionospheric delay anomaly that can result in positioning error. A simulation test was implemented and a proposed detection algorithm using data logged by four reference stations was applied to detect the ionospheric delay anomaly compared to a criterion.