Deakin University
Browse

File(s) under permanent embargo

A general collaborative framework for modeling and perceiving distributed network behavior

Version 2 2024-06-05, 11:00
Version 1 2016-11-16, 11:54
journal contribution
posted on 2016-10-13, 00:00 authored by Y Xie, Yu Wang, H He, Yang Xiang, S Yu, X Liu
Collaborative Anomaly Detection (CAD) is an emerging field of network security in both academia and industry. It has attracted a lot of attention, due to the limitations of traditional fortress-style defense modes. Even though a number of pioneer studies have been conducted in this area, few of them concern about the universality issue. This work focuses on two aspects of it. First, a unified collaborative detection framework is developed based on network virtualization technology. Its purpose is to provide a generic approach that can be applied to designing specific schemes for various application scenarios and objectives. Second, a general behavior perception model is proposed for the unified framework based on hidden Markov random field. Spatial Markovianity is introduced to model the spatial context of distributed network behavior and stochastic interaction among interconnected nodes. Algorithms are derived for parameter estimation, forward prediction, backward smooth, and the normality evaluation of both global network situation and local behavior. Numerical experiments using extensive simulations and several real datasets are presented to validate the proposed solution. Performance-related issues and comparison with related works are discussed.

History

Journal

IEEE/ACM transactions on networking

Volume

24

Issue

5

Pagination

3162 - 3176

Publisher

IEEE

Location

Piscataway, N.J.

ISSN

1063-6692

eISSN

1558-2566

Language

eng

Publication classification

C Journal article; C1 Refereed article in a scholarly journal

Copyright notice

2016, IEEE