TY - JOUR
T1 - Semi-supervised anomaly detection in dynamic communication networks
AU - Meng, Xuying
AU - Wang, Suhang
AU - Liang, Zhimin
AU - Yao, Di
AU - Zhou, Jihua
AU - Zhang, Yujun
N1 - Funding Information:
This work is supported in whole or in part, by National Key Research and Development Program of China ( 2018YFB1800403 ), the research program of Network Computing Innovation Research Institute ( E061010003 ), National Science Foundation of China ( 61902382 , 61972381 , 61672500 ) and the Strategic Priority Research Program of Chinese Academy of Sciences ( XDC02030500 ).
Publisher Copyright:
© 2021
PY - 2021/9
Y1 - 2021/9
N2 - To ensure the security and stabilization of the communication networks, anomaly detection is the first line of defense. However, their learning process suffers two major issues: (1) inadequate labels: there are many different kinds of attacks but rare abnormal nodes in mt of these atstacks; and (2) inaccurate labels: considering the heavy network flows and new emerging attacks, providing accurate labels for all nodes is very expensive. The inadequate and inaccurate label problem challenges many existing methods because the majority normal nodes result in a biased classifier while the noisy labels will further degrade the performance of the classifier. To tackle these issues, we propose SemiADC, a Semi-supervised Anomaly Detection framework for dynamic Communication networks. SemiADC first approximately learns the feature distribution of normal nodes with regularization from abnormal ones. It then cleans the datasets and extracts the nodes sasainaccurate labels by the learned feature distribution and structure-based temporal correlations. These self-learning processes run iteratively with mutual promotion, and finally help increase the accuracy of anomaly detection. Experimental evaluations on real-world datasets demonstrate the effectiveness of our SemiADC, which performs substantially better than the state-of-art anomaly detection approaches without the demand of adequate and accurate supervision.
AB - To ensure the security and stabilization of the communication networks, anomaly detection is the first line of defense. However, their learning process suffers two major issues: (1) inadequate labels: there are many different kinds of attacks but rare abnormal nodes in mt of these atstacks; and (2) inaccurate labels: considering the heavy network flows and new emerging attacks, providing accurate labels for all nodes is very expensive. The inadequate and inaccurate label problem challenges many existing methods because the majority normal nodes result in a biased classifier while the noisy labels will further degrade the performance of the classifier. To tackle these issues, we propose SemiADC, a Semi-supervised Anomaly Detection framework for dynamic Communication networks. SemiADC first approximately learns the feature distribution of normal nodes with regularization from abnormal ones. It then cleans the datasets and extracts the nodes sasainaccurate labels by the learned feature distribution and structure-based temporal correlations. These self-learning processes run iteratively with mutual promotion, and finally help increase the accuracy of anomaly detection. Experimental evaluations on real-world datasets demonstrate the effectiveness of our SemiADC, which performs substantially better than the state-of-art anomaly detection approaches without the demand of adequate and accurate supervision.
UR - http://www.scopus.com/inward/record.url?scp=85108681679&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85108681679&partnerID=8YFLogxK
U2 - 10.1016/j.ins.2021.04.056
DO - 10.1016/j.ins.2021.04.056
M3 - Article
AN - SCOPUS:85108681679
VL - 571
SP - 527
EP - 542
JO - Information Sciences
JF - Information Sciences
SN - 0020-0255
ER -