1st Edition

Network Anomaly Detection A Machine Learning Perspective

    366 Pages 71 B/W Illustrations
    by Chapman & Hall

    With the rapid rise in the ubiquity and sophistication of Internet technology and the accompanying growth in the number of network attacks, network intrusion detection has become increasingly important. Anomaly-based network intrusion detection refers to finding exceptional or nonconforming patterns in network traffic data compared to normal behavior. Finding these anomalies has extensive applications in areas such as cyber security, credit card and insurance fraud detection, and military surveillance for enemy activities. Network Anomaly Detection: A Machine Learning Perspective presents machine learning techniques in depth to help you more effectively detect and counter network intrusion.

    In this book, you’ll learn about:

    • Network anomalies and vulnerabilities at various layers
    • The pros and cons of various machine learning techniques and algorithms
    • A taxonomy of attacks based on their characteristics and behavior
    • Feature selection algorithms
    • How to assess the accuracy, performance, completeness, timeliness, stability, interoperability, reliability, and other dynamic aspects of a network anomaly detection system
    • Practical tools for launching attacks, capturing packet or flow traffic, extracting features, detecting attacks, and evaluating detection performance
    • Important unresolved issues and research challenges that need to be overcome to provide better protection for networks

    Examining numerous attacks in detail, the authors look at the tools that intruders use and show how to use this knowledge to protect networks. The book also provides material for hands-on development, so that you can code on a testbed to implement detection methods toward the development of your own intrusion detection system. It offers a thorough introduction to the state of the art in network anomaly detection using machine learning approaches and systems.

    The Internet and Modern Networks
    Network Vulnerabilities
    Anomalies and Anomalies in Networks
    Machine Learning
    Prior Work on Network Anomaly Detection
    Contributions of This Book

    Networks and Anomalies
    Networking Basics
    Anomalies in a Network

    An Overview of Machine Learning Methods
    Types of Machine Learning Methods
    Supervised Learning: Some Popular Methods
    Unsupervised Learning
    Probabilistic Learning
    Soft Computing
    Reinforcement Learning
    Hybrid Learning Methods

    Detecting Anomalies in Network Data
    Detection of Network Anomalies
    Aspects of Network Anomaly Detection

    Feature Selection
    Feature Selection vs. Feature Extraction
    Feature Relevance
    Applications of Feature Selection
    Prior Surveys on Feature Selection
    Problem Formulation
    Steps in Feature Selection
    Feature Selection Methods: A Taxonomy
    Existing Methods of Feature Selection
    Subset Evaluation Measures
    Systems and Tools for Feature Selection

    Approaches to Network Anomaly Detection
    Network Anomaly Detection Methods
    Types of Network Anomaly Detection Methods
    Anomaly Detection Using Supervised Learning
    Anomaly Detection Using Unsupervised Learning
    Anomaly Detection Using Probabilistic Learning
    Anomaly Detection Using Soft Computing
    Knowledge in Anomaly Detection
    Anomaly Detection Using Combination Learners

    Evaluation Methods
    Data Quality, Validity and Reliability
    Alert Information
    Unknown Attacks Detection
    Updating References

    Tools and Systems
    Attack Related Tools
    Attack Detection Systems

    Open Issues, Challenges and Concluding Remarks
    Runtime Limitations for Anomaly Detection Systems
    Reducing the False Alarm Rate
    Issues in Dimensionality Reduction
    Computational Needs of Network Defense Mechanisms
    Designing Generic Anomaly Detection Systems
    Handling Sophisticated Anomalies
    Adaptability to Unknown Attacks
    Detecting and Handling Large-Scale Attacks
    Infrastructure Attacks
    High Intensity Attacks
    More Inventive Attacks
    Concluding Remarks



    Dhruba Kumar Bhattacharyya is a professor in computer science and engineering at Tezpur University. Professor Bhattacharyya's research areas include network security, data mining, and bioinformatics. He has published more than 180 research articles in leading international journals and peer-reviewed conference proceedings. Dr. Bhattacharyya has written or edited seven technical books in English and two technical reference books in Assamese. He is on the editorial board of several international journals and has also been associated with several international conferences. For more about Dr. Bhattacharyya, see his profile at Tezpur University.

    Jugal Kumar Kalita teaches computer science at the University of Colorado, Colorado Springs. His expertise is in the areas of artificial intelligence and machine learning, and the application of techniques in machine learning to network security, natural language processing, and bioinformatics. He has published 115 papers in journals and refereed conferences, and is the author of a book on Perl. He received the Chancellor's Award at the University of Colorado in 2011, in recognition of lifelong excellence in teaching, research, and service. For more about Dr. Kalita, see his profile at the University of Colorado.