Network Traffic Anomaly Detection Using Quantile Regression with Tolerance
| dc.contributor.author | Alsan,H.F. | |
| dc.contributor.author | Guler,A.K. | |
| dc.contributor.author | Yildiz,E. | |
| dc.contributor.author | Kilinc,S. | |
| dc.contributor.author | Camlidere,B. | |
| dc.contributor.author | Arsan,T. | |
| dc.date.accessioned | 2024-06-23T21:39:20Z | |
| dc.date.available | 2024-06-23T21:39:20Z | |
| dc.date.issued | 2023 | |
| dc.description | IEEE Communications Society | en_US |
| dc.description.abstract | Network traffic anomaly detection describes a time series anomaly detection problem where a sudden increase or decrease (called spikes) in network traffic is predicted. Data is modeled with the trend and heteroscedastic noise component. Traditional autoregressive models struggle to capture data changes effectively, making anomaly detection difficult. Our approach is to generate upper and lower limits by using quantile regression. We use a deep learning based multilayer perceptron model to predict five data quantiles 1, 25, 50, 75, and 99. The upper and lower limits are calculated as differences between the quantile-1 and quantile-99. Any data that is outside these limits are considered as an anomaly. We also add tolerance to these limits to add flexibility to anomaly detection. Anomalies and non-anomalies are labeled to get a binary classification task. Anomaly detection is class imbalanced by nature; therefore, precision, recall, and F-1 score are computed to evaluate the proposed anomaly detection method. We conclude that choosing tolerance is a tradeoff between false alarms and missing anomaly detections. © 2023 IEEE. | en_US |
| dc.identifier.citationcount | 0 | |
| dc.identifier.doi | 10.1109/BlackSeaCom58138.2023.10299728 | |
| dc.identifier.isbn | 979-835033782-2 | |
| dc.identifier.scopus | 2-s2.0-85178994954 | |
| dc.identifier.uri | https://doi.org/10.1109/BlackSeaCom58138.2023.10299728 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.12469/5855 | |
| dc.language.iso | en | en_US |
| dc.publisher | Institute of Electrical and Electronics Engineers Inc. | en_US |
| dc.relation.ispartof | 2023 IEEE International Black Sea Conference on Communications and Networking, BlackSeaCom 2023 -- 2023 IEEE International Black Sea Conference on Communications and Networking, BlackSeaCom 2023 -- 4 July 2023 through 7 July 2023 -- Istanbul -- 194300 | en_US |
| dc.rights | info:eu-repo/semantics/closedAccess | en_US |
| dc.subject | Anomaly Detection | en_US |
| dc.subject | Deep Learning | en_US |
| dc.subject | Multilayer Perceptron | en_US |
| dc.subject | Network Traffic | en_US |
| dc.subject | Time Series | en_US |
| dc.title | Network Traffic Anomaly Detection Using Quantile Regression with Tolerance | en_US |
| dc.type | Conference Object | en_US |
| dspace.entity.type | Publication | |
| gdc.author.institutional | Arsan, Taner | |
| gdc.author.scopusid | 55364564400 | |
| gdc.author.scopusid | 58734536500 | |
| gdc.author.scopusid | 57289197300 | |
| gdc.author.scopusid | 58733078100 | |
| gdc.author.scopusid | 58733078200 | |
| gdc.author.scopusid | 6506505859 | |
| gdc.bip.impulseclass | C5 | |
| gdc.bip.influenceclass | C5 | |
| gdc.bip.popularityclass | C5 | |
| gdc.coar.access | metadata only access | |
| gdc.coar.type | text::conference output | |
| gdc.description.department | Kadir Has University | en_US |
| gdc.description.departmenttemp | Alsan H.F., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey; Guler A.K., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey; Yildiz E., Turknet, Department of Data Science, Istanbul, Turkey; Kilinc S., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey; Camlidere B., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey; Arsan T., Kadir Has University, Department of Computer Engineering, Istanbul, Turkey | en_US |
| gdc.description.endpage | 305 | en_US |
| gdc.description.publicationcategory | Konferans Öğesi - Uluslararası - Kurum Öğretim Elemanı | en_US |
| gdc.description.scopusquality | N/A | |
| gdc.description.startpage | 300 | en_US |
| gdc.description.wosquality | N/A | |
| gdc.identifier.openalex | W4388405367 | |
| gdc.oaire.diamondjournal | false | |
| gdc.oaire.impulse | 1.0 | |
| gdc.oaire.influence | 2.6506064E-9 | |
| gdc.oaire.isgreen | false | |
| gdc.oaire.popularity | 3.4767587E-9 | |
| gdc.oaire.publicfunded | false | |
| gdc.openalex.fwci | 0.0 | |
| gdc.openalex.normalizedpercentile | 0.0 | |
| gdc.opencitations.count | 0 | |
| gdc.plumx.mendeley | 6 | |
| gdc.plumx.scopuscites | 1 | |
| gdc.scopus.citedcount | 1 | |
| relation.isAuthorOfPublication | 7959ea6c-1b30-4fa0-9c40-6311259c0914 | |
| relation.isAuthorOfPublication.latestForDiscovery | 7959ea6c-1b30-4fa0-9c40-6311259c0914 | |
| relation.isOrgUnitOfPublication | fd8e65fe-c3b3-4435-9682-6cccb638779c | |
| relation.isOrgUnitOfPublication | 2457b9b3-3a3f-4c17-8674-7f874f030d96 | |
| relation.isOrgUnitOfPublication | b20623fc-1264-4244-9847-a4729ca7508c | |
| relation.isOrgUnitOfPublication.latestForDiscovery | fd8e65fe-c3b3-4435-9682-6cccb638779c |