
Particle Filtering as a Modeling Tool for Anomaly Detection in Networks

Complex Networks VII

Part of the book series: Studies in Computational Intelligence (SCI, volume 644)

Abstract

When linearity can be rigorously assumed for stochastic processes, the linear Kalman filter can be used as a powerful tool for anomaly detection in communication networks. However, this assumption, even when made with strong evidence, is generally not proved in a rigorous way. It is therefore important to develop other methodologies for anomaly detection that do not have to rely on that assumption. This paper focuses on the use of particle filtering to build a normal behavioral model for an anomaly detector. The particle filter is calibrated for entropy reduction, with the aim of reducing noise in the measurements. With the help of a mixture of normal distributions, we can reuse the filtered observations to identify anomalous events in a small number of classes. Anomalies may generally be rare, and thus they may occur in only a few clusters. So, using a new decision process based on a hidden Markov model, we can track and identify the potentially abnormal clusters. We study the performance of this system by analyzing the trade-off between false alarm rate and detection rate by means of the Receiver Operating Characteristic curve, and compare the results with the Kalman filter. We validate the approach by tracking volume anomalies in real network traffic.


Author information


Correspondence to Joseph Ndong.


Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Gueye, I., Ndong, J. (2016). Particle Filtering as a Modeling Tool for Anomaly Detection in Networks. In: Cherifi, H., Gonçalves, B., Menezes, R., Sinatra, R. (eds) Complex Networks VII. Studies in Computational Intelligence, vol 644. Springer, Cham. https://doi.org/10.1007/978-3-319-30569-1_6


  • DOI: https://doi.org/10.1007/978-3-319-30569-1_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-30568-4

  • Online ISBN: 978-3-319-30569-1

  • eBook Packages: Engineering, Engineering (R0)
