Flow-based profile generation and network traffic detection for DNS anomalies using optimised entropy-based features selection and modified Holt Winter's method
by Rohini Sharma; Ajay Guleria; R.K. Singla
International Journal of Security and Networks (IJSN), Vol. 16, No. 4, 2021

Abstract: Network anomaly detection systems detect zero-day anomalies but false positive rate is quite high. In this paper, a profile-based network anomaly detection system (P-NADS) is proposed that works in three phases. In the first phase, a minimal set of characteristic features for DNS service is identified using proposed optimal entropy-based features selection (OEFS) which helps in detecting anomalies with higher accuracy. In the second phase, modified Holt Winter's method using partial trend (MHWT) that generates normal profile of a system to predict future normal behaviour is proposed. In the final phase, anomalies are detected and localised. Experimental results show that OEFS method works better than information gain and forward feature selection algorithm. The MHWT method gives better prediction accuracy for DNS when compared to HWDS. Experiments are performed on Panjab University flow-based dataset (PUF-dataset) which is created using real flows collected from Panjab University Chandigarh Campus and is freely available on request.

Online publication date: Thu, 02-Dec-2021

The full text of this article is only available to individual subscribers or to users at subscribing institutions.

Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.

Pay per view:
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.

Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Security and Networks (IJSN):
Login with your Inderscience username and password:

    Username:        Password:         

Forgotten your password?

Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.

If you still need assistance, please email subs@inderscience.com