A New Network Anomaly Detection Method Based on Header Information Using Greedy Algorithm

Network anomaly detection is an important and rapidly growing area. In this paper, we propose a new network anomaly detection method based on the probability distributions of header information. The distances between the distributions of packet headers are calculated to reflect the main characteristics of the network. These are calculated using the Greedy algorithm which eliminates some requirements associated with Kullback-Leibler divergence such as having the same rank of the probability distributions. Then, Support Vector Machine classifier is used in the detection phase to reduce false alarm rates and to make the system adaptive for different networks. This algorithm is tested on the real data collected from Bogazici University network and MIT Darpa 2000 dataset.