Detecting and Coloring Anomalies in Real Cellular Network Using Principle Component Analysis

Yoram Segal; Dan Vilenchik; Ofer Hadar

doi:10.1007/978-3-319-94147-9_6

Detecting and Coloring Anomalies in Real Cellular Network Using Principle Component Analysis

Yoram Segal, Dan Vilenchik, Ofer Hadar

Ben-Gurion University of the Negev

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Anomaly detection in a communication network is a powerful tool for predicting faults, detecting network sabotage attempts and learning user profiles for marketing purposes and quality of services improvements. In this article, we convert the unsupervised data mining learning problem into a supervised classification problem. We will propose three methods for creating an associative anomaly within a given commercial traffic data database and demonstrate how, using the Principle Component Analysis (PCA) algorithm, we can detect the network anomaly behavior and classify between a regular data stream and a data stream that deviates from a routine, at the IP network layer level. Although the PCA method was used in the past for the task of anomaly detection, there are very few examples where such tasks were performed on real traffic data that was collected and shared by a commercial company. The article presents three interesting innovations: The first one is the use of an up-to-date database produced by the users of an international communications company. The dataset for the data mining algorithm retrieved from a data center which monitors and collects low-level network transportation log streams from all over the world. The second innovation is the ability to enable the labeling of several types of anomalies, from untagged datasets, by organizing and prearranging the database. The third innovation is the abilities, not only to detect the anomaly but also, to coloring the anomaly type. I.e., identification, classification and labeling some forms of the abnormality.

Original language	English
Title of host publication	Cyber Security Cryptography and Machine Learning - Second International Symposium, CSCML 2018, Proceedings
Editors	Itai Dinur, Shlomi Dolev, Sachin Lodha
Publisher	Springer Verlag
Pages	68-83
Number of pages	16
ISBN (Print)	9783319941462
DOIs	https://doi.org/10.1007/978-3-319-94147-9_6
State	Published - 2018
Externally published	Yes
Event	2nd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2018 - Beer-Sheva, Israel Duration: 21 Jun 2018 → 22 Jun 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10879 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	2nd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2018
Country/Territory	Israel
City	Beer-Sheva
Period	21/06/18 → 22/06/18

Bibliographical note

Publisher Copyright:
© 2018, Springer International Publishing AG, part of Springer Nature.

Funding

This work was supported by the Israel Innovation Authority (Formerly the Office of the Chief Scientist and MATIMOP).

Funders	Funder number
Formerly the Office of the Chief Scientist
Israel Innovation Authority

Keywords

Anomaly detection
Data mining
Machine learning
PCA

Access to Document

10.1007/978-3-319-94147-9_6

Cite this

Segal, Y., Vilenchik, D., & Hadar, O. (2018). Detecting and Coloring Anomalies in Real Cellular Network Using Principle Component Analysis. In I. Dinur, S. Dolev, & S. Lodha (Eds.), Cyber Security Cryptography and Machine Learning - Second International Symposium, CSCML 2018, Proceedings (pp. 68-83). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10879 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-94147-9_6

Segal, Yoram ; Vilenchik, Dan ; Hadar, Ofer. / Detecting and Coloring Anomalies in Real Cellular Network Using Principle Component Analysis. Cyber Security Cryptography and Machine Learning - Second International Symposium, CSCML 2018, Proceedings. editor / Itai Dinur ; Shlomi Dolev ; Sachin Lodha. Springer Verlag, 2018. pp. 68-83 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{9aaf1a3dbc5a43e8b3fe6c38658ed83a,

title = "Detecting and Coloring Anomalies in Real Cellular Network Using Principle Component Analysis",

abstract = "Anomaly detection in a communication network is a powerful tool for predicting faults, detecting network sabotage attempts and learning user profiles for marketing purposes and quality of services improvements. In this article, we convert the unsupervised data mining learning problem into a supervised classification problem. We will propose three methods for creating an associative anomaly within a given commercial traffic data database and demonstrate how, using the Principle Component Analysis (PCA) algorithm, we can detect the network anomaly behavior and classify between a regular data stream and a data stream that deviates from a routine, at the IP network layer level. Although the PCA method was used in the past for the task of anomaly detection, there are very few examples where such tasks were performed on real traffic data that was collected and shared by a commercial company. The article presents three interesting innovations: The first one is the use of an up-to-date database produced by the users of an international communications company. The dataset for the data mining algorithm retrieved from a data center which monitors and collects low-level network transportation log streams from all over the world. The second innovation is the ability to enable the labeling of several types of anomalies, from untagged datasets, by organizing and prearranging the database. The third innovation is the abilities, not only to detect the anomaly but also, to coloring the anomaly type. I.e., identification, classification and labeling some forms of the abnormality.",

keywords = "Anomaly detection, Data mining, Machine learning, PCA",

author = "Yoram Segal and Dan Vilenchik and Ofer Hadar",

note = "Publisher Copyright: {\textcopyright} 2018, Springer International Publishing AG, part of Springer Nature.; 2nd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2018 ; Conference date: 21-06-2018 Through 22-06-2018",

year = "2018",

doi = "10.1007/978-3-319-94147-9\_6",

language = "אנגלית",

isbn = "9783319941462",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "68--83",

editor = "Itai Dinur and Shlomi Dolev and Sachin Lodha",

booktitle = "Cyber Security Cryptography and Machine Learning - Second International Symposium, CSCML 2018, Proceedings",

address = "גרמניה",

}

Segal, Y, Vilenchik, D & Hadar, O 2018, Detecting and Coloring Anomalies in Real Cellular Network Using Principle Component Analysis. in I Dinur, S Dolev & S Lodha (eds), Cyber Security Cryptography and Machine Learning - Second International Symposium, CSCML 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10879 LNCS, Springer Verlag, pp. 68-83, 2nd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2018, Beer-Sheva, Israel, 21/06/18. https://doi.org/10.1007/978-3-319-94147-9_6

Detecting and Coloring Anomalies in Real Cellular Network Using Principle Component Analysis. / Segal, Yoram; Vilenchik, Dan; Hadar, Ofer.
Cyber Security Cryptography and Machine Learning - Second International Symposium, CSCML 2018, Proceedings. ed. / Itai Dinur; Shlomi Dolev; Sachin Lodha. Springer Verlag, 2018. p. 68-83 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10879 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Detecting and Coloring Anomalies in Real Cellular Network Using Principle Component Analysis

AU - Segal, Yoram

AU - Vilenchik, Dan

AU - Hadar, Ofer

PY - 2018

Y1 - 2018

N2 - Anomaly detection in a communication network is a powerful tool for predicting faults, detecting network sabotage attempts and learning user profiles for marketing purposes and quality of services improvements. In this article, we convert the unsupervised data mining learning problem into a supervised classification problem. We will propose three methods for creating an associative anomaly within a given commercial traffic data database and demonstrate how, using the Principle Component Analysis (PCA) algorithm, we can detect the network anomaly behavior and classify between a regular data stream and a data stream that deviates from a routine, at the IP network layer level. Although the PCA method was used in the past for the task of anomaly detection, there are very few examples where such tasks were performed on real traffic data that was collected and shared by a commercial company. The article presents three interesting innovations: The first one is the use of an up-to-date database produced by the users of an international communications company. The dataset for the data mining algorithm retrieved from a data center which monitors and collects low-level network transportation log streams from all over the world. The second innovation is the ability to enable the labeling of several types of anomalies, from untagged datasets, by organizing and prearranging the database. The third innovation is the abilities, not only to detect the anomaly but also, to coloring the anomaly type. I.e., identification, classification and labeling some forms of the abnormality.

AB - Anomaly detection in a communication network is a powerful tool for predicting faults, detecting network sabotage attempts and learning user profiles for marketing purposes and quality of services improvements. In this article, we convert the unsupervised data mining learning problem into a supervised classification problem. We will propose three methods for creating an associative anomaly within a given commercial traffic data database and demonstrate how, using the Principle Component Analysis (PCA) algorithm, we can detect the network anomaly behavior and classify between a regular data stream and a data stream that deviates from a routine, at the IP network layer level. Although the PCA method was used in the past for the task of anomaly detection, there are very few examples where such tasks were performed on real traffic data that was collected and shared by a commercial company. The article presents three interesting innovations: The first one is the use of an up-to-date database produced by the users of an international communications company. The dataset for the data mining algorithm retrieved from a data center which monitors and collects low-level network transportation log streams from all over the world. The second innovation is the ability to enable the labeling of several types of anomalies, from untagged datasets, by organizing and prearranging the database. The third innovation is the abilities, not only to detect the anomaly but also, to coloring the anomaly type. I.e., identification, classification and labeling some forms of the abnormality.

KW - Anomaly detection

KW - Data mining

KW - Machine learning

KW - PCA

UR - http://www.scopus.com/inward/record.url?scp=85049028244&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-94147-9_6

DO - 10.1007/978-3-319-94147-9_6

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85049028244

SN - 9783319941462

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 68

EP - 83

BT - Cyber Security Cryptography and Machine Learning - Second International Symposium, CSCML 2018, Proceedings

A2 - Dinur, Itai

A2 - Dolev, Shlomi

A2 - Lodha, Sachin

PB - Springer Verlag

T2 - 2nd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2018

Y2 - 21 June 2018 through 22 June 2018

ER -

Segal Y, Vilenchik D, Hadar O. Detecting and Coloring Anomalies in Real Cellular Network Using Principle Component Analysis. In Dinur I, Dolev S, Lodha S, editors, Cyber Security Cryptography and Machine Learning - Second International Symposium, CSCML 2018, Proceedings. Springer Verlag. 2018. p. 68-83. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-94147-9_6

Detecting and Coloring Anomalies in Real Cellular Network Using Principle Component Analysis

Abstract

Publication series

Conference

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this