Network Traffic Anomaly Detection Using Quantile Regression with Tolerance

Simple item page
dc.authorscopusid 55364564400
dc.authorscopusid 58734536500
dc.authorscopusid 57289197300
dc.authorscopusid 58733078100
dc.authorscopusid 58733078200
dc.authorscopusid 6506505859
dc.contributor.author Arsan, Taner
dc.contributor.author Guler,A.K.
dc.contributor.author Yildiz,E.
dc.contributor.author Kilinc,S.
dc.contributor.author Camlidere,B.
dc.contributor.author Arsan,T.
dc.contributor.other Computer Engineering
dc.date.accessioned 2024-06-23T21:39:20Z
dc.date.available 2024-06-23T21:39:20Z
dc.date.issued 2023
dc.department Kadir Has University en_US
dc.department-temp Alsan H.F., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey; Guler A.K., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey; Yildiz E., Turknet, Department of Data Science, Istanbul, Turkey; Kilinc S., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey; Camlidere B., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey; Arsan T., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey en_US
dc.description IEEE Communications Society en_US
dc.description.abstract Network traffic anomaly detection describes a time series anomaly detection problem where a sudden increase or decrease (called spikes) in network traffic is predicted. Data is modeled with the trend and heteroscedastic noise component. Traditional autoregressive models struggle to capture data changes effectively, making anomaly detection difficult. Our approach is to generate upper and lower limits by using quantile regression. We use a deep learning based multilayer perceptron model to predict five data quantiles 1, 25, 50, 75, and 99. The upper and lower limits are calculated as differences between the quantile-1 and quantile-99. Any data that is outside these limits are considered as an anomaly. We also add tolerance to these limits to add flexibility to anomaly detection. Anomalies and non-anomalies are labeled to get a binary classification task. Anomaly detection is class imbalanced by nature; therefore, precision, recall, and F-1 score are computed to evaluate the proposed anomaly detection method. We conclude that choosing tolerance is a tradeoff between false alarms and missing anomaly detections. © 2023 IEEE. en_US
dc.identifier.citationcount 0
dc.identifier.doi 10.1109/BlackSeaCom58138.2023.10299728
dc.identifier.endpage 305 en_US
dc.identifier.isbn 979-835033782-2
dc.identifier.scopus 2-s2.0-85178994954
dc.identifier.scopusquality N/A
dc.identifier.startpage 300 en_US
dc.identifier.uri https://doi.org/10.1109/BlackSeaCom58138.2023.10299728
dc.identifier.uri https://hdl.handle.net/20.500.12469/5855
dc.identifier.wosquality N/A
dc.language.iso en en_US
dc.publisher Institute of Electrical and Electronics Engineers Inc. en_US
dc.relation.ispartof 2023 IEEE International Black Sea Conference on Communications and Networking, BlackSeaCom 2023 -- 2023 IEEE International Black Sea Conference on Communications and Networking, BlackSeaCom 2023 -- 4 July 2023 through 7 July 2023 -- Istanbul -- 194300 en_US
dc.relation.publicationcategory Konferans Öğesi - Uluslararası - Kurum Öğretim Elemanı en_US
dc.rights info:eu-repo/semantics/closedAccess en_US
dc.scopus.citedbyCount 1
dc.subject Anomaly Detection en_US
dc.subject Deep Learning en_US
dc.subject Multilayer Perceptron en_US
dc.subject Network Traffic en_US
dc.subject Time Series en_US
dc.title Network Traffic Anomaly Detection Using Quantile Regression with Tolerance en_US
dc.type Conference Object en_US
dspace.entity.type Publication
relation.isAuthorOfPublication 7959ea6c-1b30-4fa0-9c40-6311259c0914
relation.isAuthorOfPublication.latestForDiscovery 7959ea6c-1b30-4fa0-9c40-6311259c0914
relation.isOrgUnitOfPublication fd8e65fe-c3b3-4435-9682-6cccb638779c
relation.isOrgUnitOfPublication.latestForDiscovery fd8e65fe-c3b3-4435-9682-6cccb638779c

Files

Collections

Scopus İndeksli Yayınlar Koleksiyonu