An ML Based Anomaly Detection System in real-time data streams

Javier Jose Diaz Rivera; Talha Ahmed Khan; Waleed Akbar; Muhammad Afaq; Wang Cheol Song

doi:10.1109/CSCI54926.2021.00270

An ML Based Anomaly Detection System in real-time data streams

Javier Jose Diaz Rivera
, Talha Ahmed Khan
, Waleed Akbar
, Muhammad Afaq
, Wang Cheol Song^*

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Scopus citations

Abstract

Due to the advancements in machine learning and artificial intelligence applied fields, network anomaly detection systems have experienced an evolution from traditional signature-based methods for intrusion detection. Nonetheless, as security measures evolve, more sophisticated attacks are also constantly being developed by hackers. Not only a robust anomaly detection algorithm is needed, but also a real-time data feeding mechanism for minimizing the reaction-time impact is required. Moreover, DDoS attacks can flood the network data channels with more than thousands of packets per second with the latent effect of overloading most traditional monitoring systems that rely on data storage. Due to this, the research presented in this paper focuses its efforts on implementing a real-time data streaming system for network anomaly detection that can operate during a high volume of traffic data. The solution includes the deployment of a flow collector platform connected to Apache Kafka for receiving NetFlow data from network switches. Also, real-time big data processing techniques are applied through Apache Spark, where the ML anomaly detection is triggered. The detection of anomalies is performed by a combination of the unsupervised learning clustering algorithm k-means and the supervised learning classifier KNN (k- nearest neighbors). Finally, a monitoring system consisting of an ELK stack collects historical data for further evolution of the ML algorithms.

Original language	English
Title of host publication	Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1329-1334
Number of pages	6
ISBN (Electronic)	9781665458412
DOIs	https://doi.org/10.1109/CSCI54926.2021.00270
State	Published - 2021
Externally published	Yes
Event	2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021 - Las Vegas, United States Duration: 15 Dec 2021 → 17 Dec 2021

Publication series

Name	Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021

Conference

Conference	2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021
Country/Territory	United States
City	Las Vegas
Period	15/12/21 → 17/12/21

Bibliographical note

Publisher Copyright:
© 2021 IEEE.

Keywords

Anomaly Detection
Big Data
Data Streams
Machine Learning
NetFlow

ASJC Scopus subject areas

Artificial Intelligence
Computer Science Applications
Computer Vision and Pattern Recognition
Signal Processing
Safety, Risk, Reliability and Quality

Access to Document

10.1109/CSCI54926.2021.00270

Cite this

Jose Diaz Rivera, J., Ahmed Khan, T., Akbar, W., Afaq, M., & Song, W. C. (2021). An ML Based Anomaly Detection System in real-time data streams. In Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021 (pp. 1329-1334). (Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CSCI54926.2021.00270

Jose Diaz Rivera, Javier ; Ahmed Khan, Talha ; Akbar, Waleed et al. / An ML Based Anomaly Detection System in real-time data streams. Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021. Institute of Electrical and Electronics Engineers Inc., 2021. pp. 1329-1334 (Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021).

@inproceedings{c64483c8e236464b8e9e4433e22c3456,

title = "An ML Based Anomaly Detection System in real-time data streams",

abstract = "Due to the advancements in machine learning and artificial intelligence applied fields, network anomaly detection systems have experienced an evolution from traditional signature-based methods for intrusion detection. Nonetheless, as security measures evolve, more sophisticated attacks are also constantly being developed by hackers. Not only a robust anomaly detection algorithm is needed, but also a real-time data feeding mechanism for minimizing the reaction-time impact is required. Moreover, DDoS attacks can flood the network data channels with more than thousands of packets per second with the latent effect of overloading most traditional monitoring systems that rely on data storage. Due to this, the research presented in this paper focuses its efforts on implementing a real-time data streaming system for network anomaly detection that can operate during a high volume of traffic data. The solution includes the deployment of a flow collector platform connected to Apache Kafka for receiving NetFlow data from network switches. Also, real-time big data processing techniques are applied through Apache Spark, where the ML anomaly detection is triggered. The detection of anomalies is performed by a combination of the unsupervised learning clustering algorithm k-means and the supervised learning classifier KNN (k- nearest neighbors). Finally, a monitoring system consisting of an ELK stack collects historical data for further evolution of the ML algorithms.",

keywords = "Anomaly Detection, Big Data, Data Streams, Machine Learning, NetFlow",

author = "\{Jose Diaz Rivera\}, Javier and \{Ahmed Khan\}, Talha and Waleed Akbar and Muhammad Afaq and Song, \{Wang Cheol\}",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021 ; Conference date: 15-12-2021 Through 17-12-2021",

year = "2021",

doi = "10.1109/CSCI54926.2021.00270",

language = "English",

series = "Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1329--1334",

booktitle = "Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021",

address = "United States",

}

Jose Diaz Rivera, J, Ahmed Khan, T, Akbar, W, Afaq, M & Song, WC 2021, An ML Based Anomaly Detection System in real-time data streams. in Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021. Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021, Institute of Electrical and Electronics Engineers Inc., pp. 1329-1334, 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021, Las Vegas, United States, 15/12/21. https://doi.org/10.1109/CSCI54926.2021.00270

An ML Based Anomaly Detection System in real-time data streams. / Jose Diaz Rivera, Javier; Ahmed Khan, Talha; Akbar, Waleed et al.
Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021. Institute of Electrical and Electronics Engineers Inc., 2021. p. 1329-1334 (Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An ML Based Anomaly Detection System in real-time data streams

AU - Jose Diaz Rivera, Javier

AU - Ahmed Khan, Talha

AU - Akbar, Waleed

AU - Afaq, Muhammad

AU - Song, Wang Cheol

PY - 2021

Y1 - 2021

N2 - Due to the advancements in machine learning and artificial intelligence applied fields, network anomaly detection systems have experienced an evolution from traditional signature-based methods for intrusion detection. Nonetheless, as security measures evolve, more sophisticated attacks are also constantly being developed by hackers. Not only a robust anomaly detection algorithm is needed, but also a real-time data feeding mechanism for minimizing the reaction-time impact is required. Moreover, DDoS attacks can flood the network data channels with more than thousands of packets per second with the latent effect of overloading most traditional monitoring systems that rely on data storage. Due to this, the research presented in this paper focuses its efforts on implementing a real-time data streaming system for network anomaly detection that can operate during a high volume of traffic data. The solution includes the deployment of a flow collector platform connected to Apache Kafka for receiving NetFlow data from network switches. Also, real-time big data processing techniques are applied through Apache Spark, where the ML anomaly detection is triggered. The detection of anomalies is performed by a combination of the unsupervised learning clustering algorithm k-means and the supervised learning classifier KNN (k- nearest neighbors). Finally, a monitoring system consisting of an ELK stack collects historical data for further evolution of the ML algorithms.

AB - Due to the advancements in machine learning and artificial intelligence applied fields, network anomaly detection systems have experienced an evolution from traditional signature-based methods for intrusion detection. Nonetheless, as security measures evolve, more sophisticated attacks are also constantly being developed by hackers. Not only a robust anomaly detection algorithm is needed, but also a real-time data feeding mechanism for minimizing the reaction-time impact is required. Moreover, DDoS attacks can flood the network data channels with more than thousands of packets per second with the latent effect of overloading most traditional monitoring systems that rely on data storage. Due to this, the research presented in this paper focuses its efforts on implementing a real-time data streaming system for network anomaly detection that can operate during a high volume of traffic data. The solution includes the deployment of a flow collector platform connected to Apache Kafka for receiving NetFlow data from network switches. Also, real-time big data processing techniques are applied through Apache Spark, where the ML anomaly detection is triggered. The detection of anomalies is performed by a combination of the unsupervised learning clustering algorithm k-means and the supervised learning classifier KNN (k- nearest neighbors). Finally, a monitoring system consisting of an ELK stack collects historical data for further evolution of the ML algorithms.

KW - Anomaly Detection

KW - Big Data

KW - Data Streams

KW - Machine Learning

KW - NetFlow

UR - https://www.scopus.com/pages/publications/85133946353

U2 - 10.1109/CSCI54926.2021.00270

DO - 10.1109/CSCI54926.2021.00270

M3 - Conference contribution

AN - SCOPUS:85133946353

T3 - Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021

SP - 1329

EP - 1334

BT - Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021

Y2 - 15 December 2021 through 17 December 2021

ER -

Jose Diaz Rivera J, Ahmed Khan T, Akbar W, Afaq M, Song WC. An ML Based Anomaly Detection System in real-time data streams. In Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021. Institute of Electrical and Electronics Engineers Inc. 2021. p. 1329-1334. (Proceedings - 2021 International Conference on Computational Science and Computational Intelligence, CSCI 2021). doi: 10.1109/CSCI54926.2021.00270

An ML Based Anomaly Detection System in real-time data streams

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this