Skip to Main content Skip to Navigation
Conference papers

UNADA: Unsupervised Network Anomaly Detection Using Sub-space Outliers Ranking

Abstract : Current network monitoring systems rely strongly on signa-ture-based and supervised-learning-based detection methods to hunt out network attacks and anomalies. Despite being opposite in nature, both approaches share a common downside: they require the knowledge provided by an expert system, either in terms of anomaly signatures, or as normal-operation profiles. In a diametrically opposite perspective we introduce UNADA, an Unsupervised Network Anomaly Detection Algorithm for knowledge-independent detection of anomalous traffic. UNADA uses a novel clustering technique based on Sub-Space-Density clustering to identify clusters and outliers in multiple low-dimensional spaces. The evidence of traffic structure provided by these multiple clusterings is then combined to produce an abnormality ranking of traffic flows, using a correlation-distance-based approach. We evaluate the ability of UNADA to discover network attacks in real traffic without relying on signatures, learning, or labeled traffic. Additionally, we compare its performance against previous unsupervised detection methods using traffic from two different networks.
Complete list of metadata

Cited literature [17 references]  Display  Hide  Download
Contributor : Hal Ifip <>
Submitted on : Thursday, September 7, 2017 - 11:57:53 AM
Last modification on : Friday, January 10, 2020 - 9:08:10 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Pedro Casas, Johan Mazel, Philippe Owezarski. UNADA: Unsupervised Network Anomaly Detection Using Sub-space Outliers Ranking. 10th IFIP Networking Conference (NETWORKING), May 2011, Valencia, Spain. pp.40-51, ⟨10.1007/978-3-642-20757-0_4⟩. ⟨hal-01583411⟩



Record views


Files downloads