Flow-based Anomaly Detection in High-Speed Networks


Zahra Jadidi. 2016. Flow-based Anomaly Detection in High-Speed Networks .Thesis (PhD Doctorate), Griffith University, Brisbane.


With the advent of online services, the Internet has become extremely busy and demanding faster access. The increased dependency on the Internet obliges Internet service providers to make it reliable and secure. In this regard, researchers are tirelessly working on a number of technologies in order to ensure the continued viability of the Internet. Intrusion detection is one of the fields that enables secure operation of the Internet. An intrusion detection system (IDS) attempts to discover malicious activities in a network. However, with the increasing network throughput, IDSs should be able to analyse high volumes of traffic in real-time. Flow-based analysis is one of the methods capable of handling high-volume traffic. This method reduces the input traffic of IDSs because it analyses only packet headers. Flow-based anomaly detection can increase the reliability of the Internet, provided this method is functional at an early stage and complemented by packet-based IDSs at later stages. Employing artificial intelligence (AI) methods in IDSs provides the capability to detect attacks with better accuracy. Compared with typical IDSs, AI-based systems are more inclined towards detecting unknown attacks. This thesis proposes an artificial neural network (ANN) based flow anomaly detector optimised with metaheuristic algorithms. The proposed method is evaluated using a number of flow-based datasets generated. An ANN-based flow anomaly detection enables a high detection rate; hence, this thesis investigates this system more thoroughly. The ANN-based system is a supervised method which needs labelled datasets; however, labelling of a large amount of data found in high-speed networks is difficult. Semi-supervised methods are the combination of supervised and unsupervised methods, which can work with both labelled and unlabelled data. A semi-supervised method can provide a high detection rate even when there is a small proportion of labelled data; therefore, the application of this method in flow-based anomaly detection is considered.

Subject Keywords
High-speed networks, Flow-based analysis, Intrusion detection system (IDS), Artificial neural network (ANN)
Thesis Type
Thesis (PhD Doctorate)
Degree Program
Doctor of Philosophy (PhD)
School of Information and Cmmunication Technology
Share Link
Primary Supervisor
Vallipuram Muthukkumarasamy
Other Supervisors
Elankayer Sithirasenan, Kalvinder Singh
ADT Shelf Number
Item Access Status
Copyright © 2016 Zahra Jadidi.
Copyright Disclaimer
This thesis is protected by copyright. Copyright in the thesis remains with the author. The Griffith University Higher Degree Theses Repository has a non-exclusive licence to archive, publish and communicate this thesis online.


  • Owner: Pamela Tonkin
  • Collection: GURT
  • Version: 1 (show all)
  • Status: Live