ADAPTIVE REAL-TIME NETWORK MONITORING SYSTEM: Detecting Anomalous Activity with Evolving Connectionist System

摘要

When diagnosing network problems, it is desirable to have a view of the traffic inside the network. This can be achieved by profiling the traffic. A fully profiled traffic can contain significant information of the network's current state, and can be further used to detect anomalous traffic and manage the network better. Many has addressed problems of profiling network traffic, but unfortunately there are no specific profiles could lasts forever for one particular network, since network traffic characteristic always changes over and over based on the sum of nodes, software that being used, type of access, etc. This paper introduces an online adaptive system using Evolving Connectionist Systems to profile network traffic in continuous manner while at the same time try to detect anomalous activity inside the network in real-time and adapt with changes if necessary. Different from an offline approach, which usually profile network traffic using previously captured data for a certain period of time, an online and adaptive approach can use a shorter period of data capturing and evolve its profile if the characteristic of the network traffic has changed.