Network Anomaly Detection: A Machine Learning Perspective, 1st Edition (Hardback) book cover

Network Anomaly Detection

A Machine Learning Perspective, 1st Edition

By Dhruba Kumar Bhattacharyya, Jugal Kumar Kalita

Chapman and Hall/CRC

366 pages | 71 B/W Illus.

Purchasing Options:$ = USD
Hardback: 9781466582088
pub: 2013-06-18
SAVE ~$25.00
eBook (VitalSource) : 9780429166877
pub: 2013-06-18
from $28.98

FREE Standard Shipping!


With the rapid rise in the ubiquity and sophistication of Internet technology and the accompanying growth in the number of network attacks, network intrusion detection has become increasingly important. Anomaly-based network intrusion detection refers to finding exceptional or nonconforming patterns in network traffic data compared to normal behavior. Finding these anomalies has extensive applications in areas such as cyber security, credit card and insurance fraud detection, and military surveillance for enemy activities. Network Anomaly Detection: A Machine Learning Perspective presents machine learning techniques in depth to help you more effectively detect and counter network intrusion.

In this book, you’ll learn about:

  • Network anomalies and vulnerabilities at various layers
  • The pros and cons of various machine learning techniques and algorithms
  • A taxonomy of attacks based on their characteristics and behavior
  • Feature selection algorithms
  • How to assess the accuracy, performance, completeness, timeliness, stability, interoperability, reliability, and other dynamic aspects of a network anomaly detection system
  • Practical tools for launching attacks, capturing packet or flow traffic, extracting features, detecting attacks, and evaluating detection performance
  • Important unresolved issues and research challenges that need to be overcome to provide better protection for networks

Examining numerous attacks in detail, the authors look at the tools that intruders use and show how to use this knowledge to protect networks. The book also provides material for hands-on development, so that you can code on a testbed to implement detection methods toward the development of your own intrusion detection system. It offers a thorough introduction to the state of the art in network anomaly detection using machine learning approaches and systems.

Table of Contents


The Internet and Modern Networks

Network Vulnerabilities

Anomalies and Anomalies in Networks

Machine Learning

Prior Work on Network Anomaly Detection

Contributions of This Book


Networks and Anomalies

Networking Basics

Anomalies in a Network

An Overview of Machine Learning Methods


Types of Machine Learning Methods

Supervised Learning: Some Popular Methods

Unsupervised Learning

Probabilistic Learning

Soft Computing

Reinforcement Learning

Hybrid Learning Methods


Detecting Anomalies in Network Data

Detection of Network Anomalies

Aspects of Network Anomaly Detection



Feature Selection

Feature Selection vs. Feature Extraction

Feature Relevance


Applications of Feature Selection

Prior Surveys on Feature Selection

Problem Formulation

Steps in Feature Selection

Feature Selection Methods: A Taxonomy

Existing Methods of Feature Selection

Subset Evaluation Measures

Systems and Tools for Feature Selection


Approaches to Network Anomaly Detection

Network Anomaly Detection Methods

Types of Network Anomaly Detection Methods

Anomaly Detection Using Supervised Learning

Anomaly Detection Using Unsupervised Learning

Anomaly Detection Using Probabilistic Learning

Anomaly Detection Using Soft Computing

Knowledge in Anomaly Detection

Anomaly Detection Using Combination Learners


Evaluation Methods







Data Quality, Validity and Reliability

Alert Information

Unknown Attacks Detection

Updating References


Tools and Systems


Attack Related Tools

Attack Detection Systems


Open Issues, Challenges and Concluding Remarks

Runtime Limitations for Anomaly Detection Systems

Reducing the False Alarm Rate

Issues in Dimensionality Reduction

Computational Needs of Network Defense Mechanisms

Designing Generic Anomaly Detection Systems

Handling Sophisticated Anomalies

Adaptability to Unknown Attacks

Detecting and Handling Large-Scale Attacks

Infrastructure Attacks

High Intensity Attacks

More Inventive Attacks

Concluding Remarks



About the Authors

Dhruba Kumar Bhattacharyya is a professor in computer science and engineering at Tezpur University. Professor Bhattacharyya's research areas include network security, data mining, and bioinformatics. He has published more than 180 research articles in leading international journals and peer-reviewed conference proceedings. Dr. Bhattacharyya has written or edited seven technical books in English and two technical reference books in Assamese. He is on the editorial board of several international journals and has also been associated with several international conferences. For more about Dr. Bhattacharyya, see his profile at Tezpur University.

Jugal Kumar Kalita teaches computer science at the University of Colorado, Colorado Springs. His expertise is in the areas of artificial intelligence and machine learning, and the application of techniques in machine learning to network security, natural language processing, and bioinformatics. He has published 115 papers in journals and refereed conferences, and is the author of a book on Perl. He received the Chancellor's Award at the University of Colorado in 2011, in recognition of lifelong excellence in teaching, research, and service. For more about Dr. Kalita, see his profile at the University of Colorado.

Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Programming / Games
COMPUTERS / Machine Theory
COMPUTERS / Security / General
COMPUTERS / Security / Cryptography