Network Traffic Anomaly Detection Using Quantile Regression with Tolerance

dc.authorscopusid: 55364564400
dc.authorscopusid: 58734536500
dc.authorscopusid: 57289197300
dc.authorscopusid: 58733078100
dc.authorscopusid: 58733078200
dc.authorscopusid: 6506505859
dc.contributor.author: Arsan, Taner
dc.contributor.author: Guler, A.K.
dc.contributor.author: Yildiz, E.
dc.contributor.author: Kilinc, S.
dc.contributor.author: Camlidere, B.
dc.contributor.author: Arsan, T.
dc.date.accessioned: 2024-06-23T21:39:20Z
dc.date.available: 2024-06-23T21:39:20Z
dc.date.issued: 2023
dc.department: Kadir Has University [en_US]
dc.department-temp: Alsan H.F., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey; Guler A.K., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey; Yildiz E., Turknet, Department of Data Science, Istanbul, Turkey; Kilinc S., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey; Camlidere B., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey; Arsan T., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey [en_US]
dc.description: IEEE Communications Society [en_US]
dc.description.abstract: Network traffic anomaly detection describes a time series anomaly detection problem where a sudden increase or decrease (called spikes) in network traffic is predicted. Data is modeled with the trend and heteroscedastic noise component. Traditional autoregressive models struggle to capture data changes effectively, making anomaly detection difficult. Our approach is to generate upper and lower limits by using quantile regression. We use a deep-learning-based multilayer perceptron model to predict five data quantiles: 1, 25, 50, 75, and 99. The upper and lower limits are calculated as differences between the quantile-1 and quantile-99. Any data outside these limits is considered an anomaly. We also add tolerance to these limits to add flexibility to anomaly detection. Anomalies and non-anomalies are labeled to get a binary classification task. Anomaly detection is class imbalanced by nature; therefore, precision, recall, and F-1 score are computed to evaluate the proposed anomaly detection method. We conclude that choosing tolerance is a tradeoff between false alarms and missing anomaly detections. © 2023 IEEE. [en_US]
dc.identifier.citation: 0
dc.identifier.doi: 10.1109/BlackSeaCom58138.2023.10299728
dc.identifier.endpage: 305 [en_US]
dc.identifier.isbn: 979-835033782-2
dc.identifier.scopus: 2-s2.0-85178994954
dc.identifier.scopusquality: N/A
dc.identifier.startpage: 300 [en_US]
dc.identifier.uri: https://doi.org/10.1109/BlackSeaCom58138.2023.10299728
dc.identifier.uri: https://hdl.handle.net/20.500.12469/5855
dc.identifier.wosquality: N/A
dc.language.iso: en [en_US]
dc.publisher: Institute of Electrical and Electronics Engineers Inc. [en_US]
dc.relation.ispartof: 2023 IEEE International Black Sea Conference on Communications and Networking, BlackSeaCom 2023 -- 2023 IEEE International Black Sea Conference on Communications and Networking, BlackSeaCom 2023 -- 4 July 2023 through 7 July 2023 -- Istanbul -- 194300 [en_US]
dc.relation.publicationcategory: Conference Item - International - Institutional Faculty Member [en_US]
dc.rights: info:eu-repo/semantics/closedAccess [en_US]
dc.subject: Anomaly Detection [en_US]
dc.subject: Deep Learning [en_US]
dc.subject: Multilayer Perceptron [en_US]
dc.subject: Network Traffic [en_US]
dc.subject: Time Series [en_US]
dc.title: Network Traffic Anomaly Detection Using Quantile Regression with Tolerance [en_US]
dc.type: Conference Object [en_US]
dspace.entity.type: Publication
relation.isAuthorOfPublication: 7959ea6c-1b30-4fa0-9c40-6311259c0914
relation.isAuthorOfPublication.latestForDiscovery: 7959ea6c-1b30-4fa0-9c40-6311259c0914