Univariate Distribution Differences and Conditional Variables in Multivariate Data Associations as Network Flow Measures to Detect Network Attacks

Nong Ye; Ting Yan Fok; Douglas Montgomery

doi:10.1145/3469968.3469975

Univariate Distribution Differences and Conditional Variables in Multivariate Data Associations as Network Flow Measures to Detect Network Attacks

Nong Ye, Ting Yan Fok, Douglas Montgomery

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Network flow data can be used to detect network attacks which manifest deviations from profiles of normal network flows. This paper presents several measures of network flows to detect network attacks. These network flow measures are established from an analytical study of network flow data from benign network activities and network attacks provided by Canadian Institute of Cybersecurity. Both univariate and multivariate analyses of network flow data are carried out to examine differences between benign network activities and network attacks in univariate frequency distributions and multivariate data associations of network flow variables. The univariate measure of network flows is established to detect network attacks using a measure of distribution difference and the number of network flow variables showing the distribution difference greater than a certain threshold. The multivariate measure of network flows are established to detect network attacks using the number of network flow variables smaller than a certain threshold and the absence of certain network flow variables in conditional variable values of multivariate data associations.

Original language	English (US)
Title of host publication	ICBDC 2021 - 2021 6th International Conference on Big Data and Computing
Publisher	Association for Computing Machinery
Pages	41-48
Number of pages	8
ISBN (Electronic)	9781450389808
DOIs	https://doi.org/10.1145/3469968.3469975
State	Published - May 22 2021
Event	6th International Conference on Big Data and Computing, ICBDC 2021 - Virtual, Online, China Duration: May 22 2021 → May 24 2021

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	6th International Conference on Big Data and Computing, ICBDC 2021
Country/Territory	China
City	Virtual, Online
Period	5/22/21 → 5/24/21

Keywords

Network flow data
Network intrusion detection
Univariate and multivariate data analysis

ASJC Scopus subject areas

Human-Computer Interaction
Computer Networks and Communications
Computer Vision and Pattern Recognition
Software

Access to Document

10.1145/3469968.3469975

Cite this

Ye, N., Fok, T. Y., & Montgomery, D. (2021). Univariate Distribution Differences and Conditional Variables in Multivariate Data Associations as Network Flow Measures to Detect Network Attacks. In ICBDC 2021 - 2021 6th International Conference on Big Data and Computing (pp. 41-48). (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3469968.3469975

Univariate Distribution Differences and Conditional Variables in Multivariate Data Associations as Network Flow Measures to Detect Network Attacks. / Ye, Nong; Fok, Ting Yan; Montgomery, Douglas.
ICBDC 2021 - 2021 6th International Conference on Big Data and Computing. Association for Computing Machinery, 2021. p. 41-48 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ye, N, Fok, TY & Montgomery, D 2021, Univariate Distribution Differences and Conditional Variables in Multivariate Data Associations as Network Flow Measures to Detect Network Attacks. in ICBDC 2021 - 2021 6th International Conference on Big Data and Computing. ACM International Conference Proceeding Series, Association for Computing Machinery, pp. 41-48, 6th International Conference on Big Data and Computing, ICBDC 2021, Virtual, Online, China, 5/22/21. https://doi.org/10.1145/3469968.3469975

Ye N, Fok TY, Montgomery D. Univariate Distribution Differences and Conditional Variables in Multivariate Data Associations as Network Flow Measures to Detect Network Attacks. In ICBDC 2021 - 2021 6th International Conference on Big Data and Computing. Association for Computing Machinery. 2021. p. 41-48. (ACM International Conference Proceeding Series). doi: 10.1145/3469968.3469975

Ye, Nong ; Fok, Ting Yan ; Montgomery, Douglas. / Univariate Distribution Differences and Conditional Variables in Multivariate Data Associations as Network Flow Measures to Detect Network Attacks. ICBDC 2021 - 2021 6th International Conference on Big Data and Computing. Association for Computing Machinery, 2021. pp. 41-48 (ACM International Conference Proceeding Series).

@inproceedings{a41fc4ffbe2f4b03b293f6250e79719c,

title = "Univariate Distribution Differences and Conditional Variables in Multivariate Data Associations as Network Flow Measures to Detect Network Attacks",

abstract = "Network flow data can be used to detect network attacks which manifest deviations from profiles of normal network flows. This paper presents several measures of network flows to detect network attacks. These network flow measures are established from an analytical study of network flow data from benign network activities and network attacks provided by Canadian Institute of Cybersecurity. Both univariate and multivariate analyses of network flow data are carried out to examine differences between benign network activities and network attacks in univariate frequency distributions and multivariate data associations of network flow variables. The univariate measure of network flows is established to detect network attacks using a measure of distribution difference and the number of network flow variables showing the distribution difference greater than a certain threshold. The multivariate measure of network flows are established to detect network attacks using the number of network flow variables smaller than a certain threshold and the absence of certain network flow variables in conditional variable values of multivariate data associations. ",

keywords = "Network flow data, Network intrusion detection, Univariate and multivariate data analysis",

author = "Nong Ye and Fok, {Ting Yan} and Douglas Montgomery",

note = "Funding Information: This study is carried out with the funding support of Dr. Nong Ye as a faculty researcher with the National Institute of Standards and Technology. Publisher Copyright: {\textcopyright} 2021 ACM.; 6th International Conference on Big Data and Computing, ICBDC 2021 ; Conference date: 22-05-2021 Through 24-05-2021",

year = "2021",

month = may,

day = "22",

doi = "10.1145/3469968.3469975",

language = "English (US)",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "41--48",

booktitle = "ICBDC 2021 - 2021 6th International Conference on Big Data and Computing",

}

TY - GEN

T1 - Univariate Distribution Differences and Conditional Variables in Multivariate Data Associations as Network Flow Measures to Detect Network Attacks

AU - Ye, Nong

AU - Fok, Ting Yan

AU - Montgomery, Douglas

N1 - Funding Information: This study is carried out with the funding support of Dr. Nong Ye as a faculty researcher with the National Institute of Standards and Technology. Publisher Copyright: © 2021 ACM.

PY - 2021/5/22

Y1 - 2021/5/22

N2 - Network flow data can be used to detect network attacks which manifest deviations from profiles of normal network flows. This paper presents several measures of network flows to detect network attacks. These network flow measures are established from an analytical study of network flow data from benign network activities and network attacks provided by Canadian Institute of Cybersecurity. Both univariate and multivariate analyses of network flow data are carried out to examine differences between benign network activities and network attacks in univariate frequency distributions and multivariate data associations of network flow variables. The univariate measure of network flows is established to detect network attacks using a measure of distribution difference and the number of network flow variables showing the distribution difference greater than a certain threshold. The multivariate measure of network flows are established to detect network attacks using the number of network flow variables smaller than a certain threshold and the absence of certain network flow variables in conditional variable values of multivariate data associations.

AB - Network flow data can be used to detect network attacks which manifest deviations from profiles of normal network flows. This paper presents several measures of network flows to detect network attacks. These network flow measures are established from an analytical study of network flow data from benign network activities and network attacks provided by Canadian Institute of Cybersecurity. Both univariate and multivariate analyses of network flow data are carried out to examine differences between benign network activities and network attacks in univariate frequency distributions and multivariate data associations of network flow variables. The univariate measure of network flows is established to detect network attacks using a measure of distribution difference and the number of network flow variables showing the distribution difference greater than a certain threshold. The multivariate measure of network flows are established to detect network attacks using the number of network flow variables smaller than a certain threshold and the absence of certain network flow variables in conditional variable values of multivariate data associations.

KW - Network flow data

KW - Network intrusion detection

KW - Univariate and multivariate data analysis

UR - http://www.scopus.com/inward/record.url?scp=85117797280&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85117797280&partnerID=8YFLogxK

U2 - 10.1145/3469968.3469975

DO - 10.1145/3469968.3469975

M3 - Conference contribution

AN - SCOPUS:85117797280

T3 - ACM International Conference Proceeding Series

SP - 41

EP - 48

BT - ICBDC 2021 - 2021 6th International Conference on Big Data and Computing

PB - Association for Computing Machinery

T2 - 6th International Conference on Big Data and Computing, ICBDC 2021

Y2 - 22 May 2021 through 24 May 2021

ER -

Univariate Distribution Differences and Conditional Variables in Multivariate Data Associations as Network Flow Measures to Detect Network Attacks

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this