
KT R&D Center

KT.com Web log Anomaly Pattern Detection System for Netflow

Development time

4 Months

Manpower

3 Professionals

The Brief

Network service environments are exposed to a growing range of intrusions and attacks, driven by the complexity and diversity of high-speed Internet application traffic such as real-time voice, video, streaming and online games. Monitoring network traffic and stability has therefore become an essential part of operating a network service. The KT R&D team wanted to add an anomaly pattern detection capability, based on active, AI-driven analysis of web logs, in order to respond to increasingly intelligent and complex network attacks.

Service

  • Development of tools for TP, FP and FN calculation

  • System integration & dashboard

  • Modelling & test set generation

  • Anomaly pattern detection algorithm development

Technological Challenges

Overcoming the limitations of rule-based technology

The ruleset-based designs widely used in commercial monitoring systems require experts to identify the data and the abnormal patterns in advance. That process takes considerable time and cost and does not scale to large networks. Ellexi's time-series deep learning model learns the normal pattern directly from historical data, on the assumption that all of that data is normal, so it can be applied immediately, without an expert ruleset design phase.

Monitoring result reliability

No monitoring system achieves 100% detection of intelligent and complex threats, and existing systems struggle with unknown threats and frequent false positives. Ellexi secured monitoring reliability with a hybrid approach that combines deep learning modelling with HBKS (Hierarchical Behavior Knowledge Space), which gradually reduces false positives, minimizes alarm fatigue and identifies unknown threats.

Road Map (M = project start month)

M+1 / M+2

  • Data Modelling

  • Data Collection

  • Data Analysis

M+3 / M+4

  • Field Test

Key Features

  • Real-time detection of network status changes

  • Lossless traffic collection & analysis on gigabit-class links

  • Harmful traffic detection (abnormal or harmful traffic)

  • Unidentified traffic and application detection (by class, type, unknown)

  • Detailed flow traffic analysis

The Result

  • Anomaly detection accuracy: 99.36%

  • Processing time per case: 0.000444 sec

  • Confirmation within 1 min after detection

  • False discovery rate: 34.26%

  • Miss rate: 1.02%
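As an added example that is not part of the original page and not Ellexi's or KT's code, the block below sketches the two pieces of this case study that can be shown in working code: a model of "normal" learned from unlabeled history without expert rules (here a per-feature mean/standard-deviation z-score profile over per-interval NetFlow counters, a deliberately simple stand-in for the deep-learning time-series model described under Technological Challenges), and the TP/FP/FN bookkeeping behind the accuracy, false discovery rate and miss rate figures above. The feature names, thresholds, training history and test intervals are all constructed for the example.

```python
"""Added example (not Ellexi's or KT's code): a normal-only baseline profile for
per-interval NetFlow counters, plus the TP/FP/FN bookkeeping behind accuracy,
false discovery rate and miss rate. The per-feature z-score profile is a simple
stand-in for the deep-learning time-series model the page describes; feature
names, values and thresholds are hypothetical."""
from statistics import mean, pstdev

FEATURES = ("flows", "bytes", "dst_ports")   # hypothetical per-minute counters


class NormalProfile:
    """Learns what 'normal' looks like from unlabeled history, assuming every
    training interval is benign, so no expert-written ruleset is needed."""

    def __init__(self, threshold=4.0):
        self.threshold = threshold   # max |z| over features before an interval is flagged
        self.mu = {}
        self.sigma = {}

    def fit(self, intervals):
        for i, name in enumerate(FEATURES):
            column = [iv[i] for iv in intervals]
            self.mu[name] = mean(column)
            # a constant feature has std 0; floor it so scoring never divides by zero
            self.sigma[name] = pstdev(column) or 1.0
        return self

    def score(self, interval):
        """Largest absolute z-score across features: how far the interval sits
        outside the learned normal band."""
        return max(abs(x - self.mu[n]) / self.sigma[n] for n, x in zip(FEATURES, interval))

    def predict(self, interval):
        return self.score(interval) > self.threshold


def confusion_counts(y_true, y_pred):
    """TP/FP/FN/TN with 'anomaly' as the positive class."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t and p)
    fp = sum(1 for t, p in zip(y_true, y_pred) if not t and p)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t and not p)
    tn = sum(1 for t, p in zip(y_true, y_pred) if not t and not p)
    return tp, fp, fn, tn


def detection_metrics(tp, fp, fn, tn):
    """The figures the page reports, defined the standard way. Accuracy is
    dominated by the majority (normal) class, so it stays high even when FDR
    (the share of raised alerts that are false) is large; FDR and miss rate
    are the numbers an analyst actually lives with."""
    def ratio(a, b):
        return a / b if b else 0.0
    return {
        "accuracy": ratio(tp + tn, tp + fp + fn + tn),
        "false_discovery_rate": ratio(fp, tp + fp),   # FP / alerts raised
        "miss_rate": ratio(fn, tp + fn),              # FN / true anomalies
        "false_positive_rate": ratio(fp, fp + tn),    # FP / normal intervals
    }


# Constructed training history: 60 one-minute intervals of benign traffic with a
# small periodic wobble, giving a learned band of flows 1000 +/- 25,
# bytes 800000 +/- ~7071 and dst_ports 40 +/- 2 (one standard deviation each).
TRAINING = [
    (975 + 50 * (i % 2), 800_000 + (10_000, -10_000, 0, 0)[i % 4], 38 + 4 * (i % 2))
    for i in range(60)
]

# Constructed test intervals with ground truth (True = anomaly); descriptions are hypothetical.
TEST = [
    ((1000, 800_000, 40), False, "quiet minute"),
    ((1020, 805_000, 41), False, "normal wobble"),
    ((6000, 4_800_000, 40), True, "flood: flow count explodes"),
    ((990, 795_000, 39), False, "normal"),
    ((1050, 808_000, 400), True, "scan: one host sprays 400 destination ports"),
    ((1150, 920_000, 40), False, "legitimate nightly backup burst (becomes a false positive)"),
    ((1005, 801_000, 42), False, "normal"),
    ((1000, 815_000, 41), True, "low-and-slow exfil hidden inside the byte band (missed at z>4)"),
    ((980, 790_000, 38), False, "normal"),
    ((200, 160_000, 12), True, "link outage: traffic collapses"),
]


def evaluate(threshold=4.0):
    """Fit on benign history, score the test intervals, return counts and metrics."""
    model = NormalProfile(threshold).fit(TRAINING)
    y_true = [label for _, label, _ in TEST]
    y_pred = [model.predict(iv) for iv, _, _ in TEST]
    counts = confusion_counts(y_true, y_pred)
    return counts, detection_metrics(*counts)


if __name__ == "__main__":
    for thr in (4.0, 1.2):
        (tp, fp, fn, tn), m = evaluate(thr)
        print(f"threshold={thr}: TP={tp} FP={fp} FN={fn} TN={tn}")
        for k, v in m.items():
            print(f"  {k:>20}: {v:.2%}")
```

Running it with the two thresholds shows the trade-off behind the figures above: lowering the threshold from 4.0 to 1.2 catches the low-and-slow interval (miss rate drops to zero) but turns another benign interval into an alert (false discovery rate rises). Accuracy stays high in both cases because normal intervals dominate the sample, which is why a 34% false discovery rate can coexist with 99% accuracy and is the figure to watch for alarm fatigue.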
