Applying Catastrophe Theory for Network Anomaly Detection in Cloud Computing Traffic

In spite of the tangible advantages of cloud computing, it is still vulnerable to potential attacks and threats. In light of this, security has turned into one of the main concerns in the adoption of cloud computing. Therefore, an anomaly detection method plays an important role in providing a high protection level for network security. One of the challenges in anomaly detection, which has not been seriously considered in the literature, is applying the dynamic nature of cloud traffic in its prediction while maintaining an acceptable level of accuracy besides reducing the computational cost. On the other hand, to overcome the issue of additional training time, introducing a high-speed algorithm is essential. In this paper, a network traffic anomaly detection model grounded in Catastrophe Theory is proposed. This theory is effective in depicting sudden change processes of the network due to the dynamic nature of the cloud. Exponential Moving Average (EMA) is applied for the state variable in sliding window to better show the dynamicity of cloud network traffic. Entropy is used as one of the control variables in catastrophe theory to analyze the distribution of traffic features. Our work is compared with Wei Xiong et al.'s Catastrophe Theory and achieved a maximum improvement in the percentage of Detection Rate in week 4 Wednesday (7.83%) and a 0.31% reduction in False Positive Rate in week 5 Monday. Additional accuracy parameters are checked and the impact of sliding window size in sensitivity and specificity is considered.