Network Security Behavior Anomaly Detection Based on Improved Empirical Mode Decomposition

Authors

  • Xiaowu Li School of Mechanical Engineering, University of Science and Technology Beijing, Beijing, 100083, China

DOI:

https://doi.org/10.13052/jcsm2245-1439.1355

Keywords:

Empirical mode decomposition, Generalized likelihood ratio, Time series data analysis, Data augmentation, Channel integration

Abstract

Current network behavior features are high-dimensional and have complex components, which makes it difficult for existing time series analysis techniques to perform temporal analysis and anomaly detection. To this end, a multi-scale decomposition module based on improved empirical mode decomposition is proposed and combined with generalized likelihood theory to construct a time series analysis model. The dataset decomposition experiment showed that the improved empirical mode decomposition proposed in the study had certain advantages in decomposition performance on the three datasets, but that it was difficult to distinguish normal time series from time series containing anomalies on the basis of periodicity alone. The validation experiment for anomaly detection showed that applying data augmentation effectively improved the detection performance of the time series analysis model. Compared with other methods, the proposed time series analysis model increased the true positive rate by 1.23%–5.13% and decreased the false positive rate by 19.05%–4.00%. Feature selection effectively improved the anomaly detection ability of the temporal analysis technique, and the true positive rate of the technique based on feature selection increased by 1.27%–8.96%. Ranking temporal data by feature importance before anomaly detection effectively increased detection effectiveness. The True Positive Rate (TPR) of anomaly detection for the temporal data with the highest feature importance was as high as 0.93. The results indicate that improved empirical mode decomposition can effectively handle the temporal data decomposition of high-dimensional network behavior features, and that the proposed temporal analysis model has better applicability and efficiency in temporal data anomaly detection.
The temporal analysis model based on improved empirical mode decomposition has a more accurate recognition rate and a lower false alarm rate when detecting temporal data anomalies in different network environments, and has certain practical value in the field of network security behavior anomaly detection.

Author Biography

Xiaowu Li, School of Mechanical Engineering, University of Science and Technology Beijing, Beijing, 100083, China

Xiaowu Li, Doctor of Engineering, Lecturer. Graduated from the Beijing University of Aeronautics and Astronautics in 2005. Worked in the School of Mechanical Engineering, University of Science and Technology Beijing. His research interests include enterprise information system design, computer graphics, and information security.

Published

2024-09-03

How to Cite

Li X. Network Security Behavior Anomaly Detection Based on Improved Empirical Mode Decomposition. JCSANDM [Internet]. 2024 Sep. 3 [cited 2024 Nov. 17];13(05):917-40. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/24563

Section

Articles