Abstract
|
vNetwork traffic anomaly detection is crucial for identifying unusual behavior such as security attacks or performance degradation. In this paper, we propose a Multi-Detector Fusion (MDF) framework integrating three complementary detection methods: Multi-output Gaussian Process (MOGP) prediction, correlation-based anomaly detection, and volatility-based analysis. Individual anomaly scores produced by these detectors are adaptively fused into a single composite score using anomaly-specific weighting, with detection thresholds optimized via local grid search. To evaluate the framework, we first simulate realistic multivariate network traffic data and inject various types of anomalies, including amplitude spikes, pattern shifts, trend drifts, and increased noise levels. The MDF framework effectively identifies these diverse anomaly types, consistently achieving high precision and recall. Moreover, we validate the approach on real network traffic traces from the WIDE Project by injecting simulated cyber-attacks. The MDF model successfully detected multiple attack scenarios (including DoS floods, route hijacking, pattern changes, and traffic bursts), Compared to conventional single-detector approaches, the proposed adaptive fusion model exhibits higher accuracy and robustness, illustrating the advantages of combining multiple statistical techniques for comprehensive network monitoring in practice.
|
Keywords
|
Network Traffic, Anomaly Detection, Machine Learning, Gaussian Processes, Cybersecurity
|