Network Anomaly Detection System using Genetic Algorithm and Fuzzy Logic

Bibliographic Details
Published in: Expert Systems with Applications, Vol. 92, pp. 390-402
Main Authors: Hamamoto, Anderson Hiroshi; Carvalho, Luiz Fernando; Sampaio, Lucas Dias Hiera; Abrão, Taufik; Proença, Mario Lemes
Format: Journal Article
Language: English
Published: New York, Elsevier Ltd (Elsevier BV), 01.02.2018
ISSN: 0957-4174, 1873-6793
DOI: 10.1016/j.eswa.2017.09.013

Summary:
• Multiple attributes from IP flows are combined to detect anomalous events.
• A GA metaheuristic is used to build the Digital Signature of Network Segment using Flow Analysis.
• An unsupervised training technique is applied efficiently to network traffic profiling.
• Fuzzy Logic improved accuracy and false positives compared to the state of the art.

Due to the sheer number of applications that use computer networks, some of which are crucial to users and enterprises, network management is essential. The integrity and availability of computer networks therefore become priorities, making the network a fundamental resource to be managed. In this work, a scheme combining a Genetic Algorithm and Fuzzy Logic for network anomaly detection is discussed. The Genetic Algorithm is used to generate a Digital Signature of Network Segment using Flow Analysis, in which information extracted from network flow data is used to predict the network's traffic behavior for a given time interval. Furthermore, a Fuzzy Logic scheme is applied to decide whether an instance represents an anomaly or not, which differs from some approaches in the literature. An expert system is thus proposed that monitors the network's traffic via IP flows while expected behaviors are generated at regular time intervals, issuing alarms when a possible problem is present. The proposed anomaly detection system exposes network problems autonomously. The results obtained by applying the proposed approach to real network traffic flows achieve an accuracy of 96.53% and a false positive rate of 0.56%. Moreover, our method achieves higher performance than several other approaches.