TITLE: Network Anomaly Detection Using Adaptive Resonance Theory
ABSTRACT: This thesis focuses on the problem of anomaly detection in computer networks. Anomalies are often
malicious intrusion attempts that represent a serious threat to network security.
Adaptive Resonance Theory (ART) is used as a classification scheme for identifying malicious network traffic.
ART was originally developed in the field of biology as a way to explain how the human eye categorizes visual patterns.
For network intrusion detection, the core ART algorithm is implemented as a clustering algorithm that groups network
traffic into clusters. A machine learning process allows the number of clusters to change over time to best conform to
the data.
Network traffic is characterized by network flows, which represent a packet, or series of packets, between two distinct
nodes on a network. These flows can contain a number of attributes, including IP addresses, ports, size, and duration.
These attributes form a multi-dimensional vector that is used in the clustering process. Once data is clustered along the
defined dimensions, anomalies are identified as data points that do not match known good or nominal traffic.
The ART clustering algorithm is tested on a realistic network simulation that was generated using the network flow
simulation tool FS. The clustering results for this simulation are presented. These results show very positive
Receiver Operating Curve (ROC) characteristics for the ART network anomaly detection algorithm.
COMMITTEE: Advisor: Christos Cassandras, SE/ECE; Ioannis Paschalidis, SE/ECE; David Starobinski, SE/ECE
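
The clustering and anomaly test described in the abstract, as an added example that is not code from the thesis. It uses Fuzzy ART, one ART variant chosen here as an assumption (the abstract does not say which variant the thesis implements), with a vigilance parameter that decides when a new cluster is created. The flows, the three attributes (destination port, bytes, duration in seconds) and the scaling ranges are constructed for illustration.

```python
import math

MAXES = (65535.0, 1e7, 600.0)  # assumed ranges for (dst_port, bytes, duration_s)

def encode(flow):
    """Log-scale each attribute to [0,1], then complement-code: [a, 1-a]."""
    a = [min(math.log1p(v) / math.log1p(m), 1.0) for v, m in zip(flow, MAXES)]
    return a + [1.0 - x for x in a]

def overlap(x, w):  # |x AND w|: L1 norm of the component-wise minimum
    return sum(min(xi, wi) for xi, wi in zip(x, w))

class FuzzyART:
    def __init__(self, rho=0.95, alpha=0.001, beta=1.0):
        self.rho, self.alpha, self.beta = rho, alpha, beta
        self.w = []  # one weight vector per cluster; the list grows on demand

    def _resonate(self, x):
        """Index of the best-ranked cluster that passes vigilance, or None."""
        ranked = sorted(range(len(self.w)), reverse=True,
                        key=lambda j: overlap(x, self.w[j]) / (self.alpha + sum(self.w[j])))
        for j in ranked:
            if overlap(x, self.w[j]) / sum(x) >= self.rho:
                return j
        return None

    def train(self, flow):
        x = encode(flow)
        j = self._resonate(x)
        if j is None:                      # nothing matches: commit a new cluster
            self.w.append(x)
            return len(self.w) - 1
        self.w[j] = [self.beta * min(xi, wi) + (1 - self.beta) * wi
                     for xi, wi in zip(x, self.w[j])]
        return j

    def is_anomaly(self, flow):
        """Scoring only, no learning: anomalous if no nominal cluster resonates."""
        return self._resonate(encode(flow)) is None

# Constructed nominal flows: three HTTPS-like, three DNS-like.
NOMINAL = [(443, 5200, 1.2), (443, 4800, 0.9), (443, 6100, 1.5),
           (53, 120, 0.01), (53, 90, 0.02), (53, 140, 0.01)]

def build_model(rho=0.95):
    model = FuzzyART(rho=rho)
    for flow in NOMINAL:
        model.train(flow)
    return model
```

With the default vigilance the constructed nominal flows settle into two clusters; lowering `rho` to 0.5 merges them into one, which is the trade-off between cluster count and sensitivity that the vigilance parameter controls.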