Detecting Abnormal Traffic in Wireless Networks Using Unsupervised Models

Alexis Huet (Nanjing Howso Technology, China)
Copyright: © 2017 | Pages: 14
DOI: 10.4018/978-1-5225-1750-4.ch001


The development of high-speed LTE connections has induced an increasingly large quantity of traffic data over the network. Detecting abnormal traffic in this continuous stream of data is crucial for identifying technical problems or fraudulent intrusions. Unsupervised learning methods can automatically describe the structure of the data and deduce patterns of the network. They are useful for identifying unexpected behaviors and for promptly detecting new types of anomalies. In this article, traffic in wireless networks is analyzed through different unsupervised models. Emphasis is placed on models combining traffic data with time stamp information. A model called Gaussian Probabilistic Latent Semantic Analysis (GPLSA) is introduced and compared with other methods such as time-dependent Gaussian Mixture Models (time-GMM). The efficiency and robustness of those models are compared, using both sampled and LTE traffic data. The experimental results suggest that GPLSA can provide robust and early detection of anomalies, in a fully automatic, data-driven solution.
Chapter Preview

Research Background

Anomaly detection is a wide topic and a large number of techniques have been used. For a broad overview of those methods, we refer to Chandola, Banerjee, and Kumar (2009).

Research focuses mainly on unsupervised methods to perform anomaly detection (Laskov, Düssel, & Schäfer, 2005; Chawla, Japkowicz, & Kotcz, 2004; Phua, Alahakoon, & Lee, 2004). The most developed are statistical-based methods and clustering (Patcha & Park, 2007). Most of the statistical-based methods are Gaussian model based (Barnett & Lewis, 1994). Mixtures of parametric distributions are also possible, where normal points and anomalies correspond to two different distributions (Agarwal, 2007). In clustering methods, the purpose is to separate data points and to group together objects which share similarities. Each group of objects is called a cluster. Similarities between objects are usually defined analytically. Many different clustering algorithms exist, differing in how similarities between objects are measured: by some distance measurement, by density, or by statistical distribution. The most popular and simplest clustering technique is K-means clustering (Jain, 2010).
