Paper ID | CHLG-2.4 | ||
Paper Title | FDEN: MINING EFFECTIVE INFORMATION OF FEATURES IN DETECTING NETWORK ANOMALIES | ||
Authors | Bin Li, Yijie Wang, Mingyu Liu, Kele Xu, Zhongyang Wang, Li Cheng, Yizhou Li, National University of Defense Technology, China | ||
Session | CHLG-2: ZYELL - NCTUNetwork Anomaly Detection Challenge | ||
Location | Zoom | ||
Session Time: | Monday, 07 June, 13:00 - 14:45 | ||
Presentation Time: | Monday, 07 June, 13:00 - 14:45 | ||
Presentation | Poster | ||
Topic | Grand Challenge: ZYELL - NCTUNetwork Anomaly Detection Challenge | ||
IEEE Xplore Open Preview | Click here to view in IEEE Xplore | ||
Abstract | Network anomaly detection is important for detecting and reacting to the presence of network attacks. In this paper, we propose a novel method to effectively leverage the features in detecting network anomalies, named FDEn, consisting of flow-based Feature Derivation (FD) and prior knowledge incorporated Ensemble models (Enpk). To mine the effective information in features, 149 features are derived to enrich the feature set of the original data with covering more characteristics of network traffic. To leverage these features effectively, an ensemble model Enpk, including CatBoost and XGBoost, based on the bagging strategy is proposed to first detect anomalies by combining numerical features and categorical features. And then, Enpk adjusts the predicted label of specific data by incorporating the prior knowledge of network security. We conduct empirically experiments on the data set provided by the Network Anomaly Detection Challenge (NADC), in which we obtain average improvement up to 61.6%, 31.7%, 50.2%, and 45.0%, in terms of the cost score, precision, recall and F1-score, respectively。 |