Automated system-level anomaly detection and classification using modified random forest
Date
2022
Author
Gyamfi, Nana Kwame
Čeponis, Dainius
Goranin, Nikolaj
Abstract
It is imperative for Internet-based services to monitor service performance closely and detect anomalies as soon as possible. Despite this, deploying anomaly detectors to a particular service is still an extremely challenging task, requiring that the parameters and thresholds of anomaly detectors be manually and iteratively tuned to deliver the desired behaviour. Hence, we present here a way to detect and classify anomalies using Modified Random Forests (M-RF). We have selected Random Forest since it can prevent intrusions to a good extent by itself and can automatically improve accuracy on anomaly detection. AWSCTD data are collected in this section. Initial pre-processing is done using a histogram equalization method. GLCM is then used to extract the required features, which are then passed on to the feature extraction technique. Finally, the result is sent to M-RF for effective classification before the inevitable next step. The model is evaluated against other pre-trained models like SVM, KNN, ANN, GAN, and fuzzy logic on accuracy, sensitivity, and specificity measures. In comparison to other state-of-the-art models, our model outperformed them by 98%.