Proceedings ArticleDOI

Online detection of network traffic anomalies using behavioral distance

TL;DR: A behavioral-distance-based anomaly detection mechanism that performs on-line traffic analysis; its efficacy is validated on network traffic traces collected at the Abilene and MAWI high-speed links.
Abstract
While network-wide anomaly analysis has been well studied, the on-line detection of network traffic anomalies at a vantage point inside the Internet still poses quite a challenge to network administrators. In this paper, we develop a behavioral distance based anomaly detection mechanism with the capability of performing on-line traffic analysis. To construct accurate online traffic profiles, we introduce horizontal and vertical distance metrics between various traffic features (i.e., packet header fields) in the traffic data streams. The significant advantages of the proposed approach lie in four aspects: (1) it is efficient and simple enough to process on-line traffic data; (2) it facilitates protocol behavioral analysis without maintaining per-flow state; (3) it is scalable to high-speed traffic links because of the aggregation; and (4) using various combinations of packet features and measuring distances between them, it is capable of accurate on-line anomaly detection. We validate the efficacy of our proposed detection system by using network traffic traces collected at the Abilene and MAWI high-speed links.
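The abstract names horizontal and vertical distances over packet header fields but the page does not define them. The following is an added example, not code from the paper: it implements one plausible reading, assumed here, in which the horizontal distance is the Hellinger distance between a field's value histogram in the current window and in the last window accepted as normal, and the vertical distance is the gap between the normalised entropies of two different fields (src vs dst, dst vs dport) inside one window. Only per-window histograms are kept, so there is no per-flow state, matching advantage (2) above. The traffic windows, addresses and thresholds are constructed for the demonstration (a SYN flood from spoofed sources and a port scan against one host), not taken from the Abilene or MAWI traces.

```python
"""Behavioral-distance detector over packet header fields (added example, not the paper's code).

Assumed metric definitions (the page does not give the paper's):
  horizontal: Hellinger distance between a field's histogram now vs. the last normal window
  vertical:   |H_norm(field a) - H_norm(field b)| for a pair of fields within one window
"""
import math
import random
from collections import Counter
from typing import Dict, List, Tuple

Packet = Tuple[str, str, int, str]            # (src ip, dst ip, dst port, proto)
FEATURES = ("src", "dst", "dport", "proto")
PAIRS = (("src", "dst"), ("dst", "dport"))    # field pairs used by the vertical metric


def profile(window: List[Packet]) -> Dict[str, Counter]:
    """Aggregate one time window into a histogram per header field (no per-flow state)."""
    hist: Dict[str, Counter] = {f: Counter() for f in FEATURES}
    for pkt in window:
        for field, value in zip(FEATURES, pkt):
            hist[field][value] += 1
    return hist


def hellinger(p: Counter, q: Counter) -> float:
    """Hellinger distance (0 = identical, 1 = disjoint support) between two histograms."""
    n_p, n_q = sum(p.values()), sum(q.values())
    if n_p == 0 or n_q == 0:
        return 0.0 if n_p == n_q else 1.0
    bc = sum(math.sqrt((p[k] / n_p) * (q[k] / n_q)) for k in p.keys() & q.keys())
    return math.sqrt(max(0.0, 1.0 - bc))


def norm_entropy(c: Counter) -> float:
    """Shannon entropy scaled to [0, 1] by log2(packet count): 1 means every packet differs."""
    n = sum(c.values())
    if n < 2:
        return 0.0
    h = -sum(v / n * math.log2(v / n) for v in c.values())
    return h / math.log2(n)


def vertical(hist: Dict[str, Counter]) -> Dict[str, float]:
    """Entropy gap between each configured pair of fields inside one window."""
    return {f"{a}/{b}": abs(norm_entropy(hist[a]) - norm_entropy(hist[b])) for a, b in PAIRS}


def detect(windows: List[List[Packet]], h_thresh: float = 0.3, v_thresh: float = 0.3):
    """Return (window index, fields with a horizontal spike, pairs with vertical drift)."""
    alerts = []
    base = None                               # last window accepted as normal
    for i, w in enumerate(windows):
        cur = profile(w)
        if base is None:
            base = cur
            continue
        spikes = [f for f in FEATURES if hellinger(base[f], cur[f]) > h_thresh]
        bv, cv = vertical(base), vertical(cur)
        drift = [k for k in cv if abs(cv[k] - bv[k]) > v_thresh]
        if spikes or drift:
            alerts.append((i, spikes, drift))
        else:
            base = cur                        # only windows judged normal move the baseline
    return alerts


# --- constructed traffic for the demo (not real trace data) -------------------
def normal_window(rng: random.Random, n: int = 300) -> List[Packet]:
    """20 clients talking to 3 servers on 80/443/53."""
    clients = [f"10.0.0.{i}" for i in range(1, 21)]
    servers = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    pkts = []
    for _ in range(n):
        port = rng.choice([80, 443, 53])
        pkts.append((rng.choice(clients), rng.choice(servers), port, "UDP" if port == 53 else "TCP"))
    return pkts


def syn_flood_window(rng: random.Random, n: int = 300) -> List[Packet]:
    """Spoofed sources against one victim: src spreads out, dst and dport collapse."""
    return [(f"198.51.100.{rng.randrange(1, 255)}", "192.0.2.10", 80, "TCP") for _ in range(n)]


def port_scan_window(rng: random.Random, n: int = 300) -> List[Packet]:
    """One scanner, one target, many distinct ports: dport spreads, src and dst collapse."""
    return [("203.0.113.7", "192.0.2.11", p, "TCP") for p in rng.sample(range(1, 1025), n)]


def build_trace(seed: int = 1) -> List[List[Packet]]:
    rng = random.Random(seed)
    windows = [normal_window(rng) for _ in range(4)]
    windows.append(syn_flood_window(rng))          # index 4
    windows += [normal_window(rng) for _ in range(2)]
    windows.append(port_scan_window(rng))          # index 7
    windows.append(normal_window(rng))
    return windows


if __name__ == "__main__":
    for idx, spikes, drift in detect(build_trace()):
        print(f"window {idx}: horizontal spike on {spikes}, vertical drift on {drift}")
```

Two design points worth noting. The baseline only advances on windows judged normal, so the window after an attack is compared with the last clean profile rather than with the attack itself (otherwise the return to normal would fire a second alert). The vertical metric is what separates the two anomaly shapes: the flood widens the src/dst entropy gap, the scan widens the dst/dport gap, while the horizontal metric alone only says that something changed.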


Citations
Journal ArticleDOI

A Survey of Distance and Similarity Measures Used Within Network Intrusion Anomaly Detection

TL;DR: An overview of the use of similarity and distance measures within network intrusion anomaly detection (NIAD) research, with a theoretical background on distance measures and a discussion of the various types of measures and their uses.
Proceedings ArticleDOI

A real-time DDoS attack detection and prevention system based on per-IP traffic behavioral analysis

TL;DR: A real-time DDoS attack detection and prevention system which can be deployed at the leaf router to monitor and detect DDoS attacks and which can recognize attackers, victims and normal users, and filter or forward IP packets by means of a quick identification technique.
Proceedings ArticleDOI

Challenges of Machine Learning Based Monitoring for Industrial Control System Networks

TL;DR: Discusses the challenges for anomaly-detection-based network monitoring and intrusion detection systems that could discern normal from aberrant traffic in industrial control systems and detect security incidents at an early stage.
Proceedings ArticleDOI

Traffic anomaly detection in DDos flooding attack

TL;DR: This paper categorizes anomaly traffic detection systems by process and capability focus according to the main research problem each solves: detecting only that an anomaly exists, identifying the type of anomaly, and prevention systems that include a process to overcome the attack.
Journal Article

An Entropy Based Approach to Detect and Distinguish DDoS Attacks from Flash Crowds in VoIP Networks

TL;DR: Traffic conditions and the purpose of transactions vary, which helps in outwitting attackers; entropy-based packet analysis is used to minimize the traffic reaching the server.
References
Journal ArticleDOI

Space/time trade-offs in hash coding with allowable errors

TL;DR: Analysis of the paradigm problem demonstrates that allowing a small number of test messages to be falsely identified as members of the given set will permit a much smaller hash area to be used without increasing reject time.
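The trade-off this reference describes is the Bloom filter: accept a bounded rate of false "member" answers in exchange for a bit array far smaller than the set itself, with no false negatives and constant-time tests. The page does not say how the anomaly paper uses it, so the following is an added example rather than either paper's code; it builds the filter from k salted SHA-256 hashes over an m-bit array and measures the false-positive rate against the standard estimate (1 - e^(-kn/m))^k. The flow keys are constructed for the demonstration.

```python
"""Bloom filter with a measured vs. predicted false-positive rate (added example)."""
import hashlib
import math
from typing import Iterable, Tuple


class BloomFilter:
    def __init__(self, m_bits: int, k_hashes: int):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray((m_bits + 7) // 8)   # m bits, packed
        self.n = 0                                 # items inserted

    def _positions(self, item: str):
        """k bit positions from k differently salted SHA-256 digests (assumed scheme)."""
        for i in range(self.k):
            digest = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos >> 3] |= 1 << (pos & 7)
        self.n += 1

    def __contains__(self, item: str) -> bool:
        # All k bits set => "probably present"; any bit clear => definitely absent.
        return all((self.bits[pos >> 3] >> (pos & 7)) & 1 for pos in self._positions(item))

    def expected_fp_rate(self) -> float:
        """Classical estimate of the false-positive probability after n insertions."""
        return (1 - math.exp(-self.k * self.n / self.m)) ** self.k


def measure(m_bits: int, k: int, members: Iterable[str], probes: Iterable[str]) -> Tuple[int, float, float]:
    """Insert `members`, then return (false negatives, empirical fp rate on `probes`, predicted fp rate)."""
    bf = BloomFilter(m_bits, k)
    members, probes = list(members), list(probes)
    for x in members:
        bf.add(x)
    false_negatives = sum(1 for x in members if x not in bf)
    fp_rate = sum(1 for x in probes if x in bf) / len(probes)
    return false_negatives, fp_rate, bf.expected_fp_rate()


# Constructed keys: 1000 "seen" flow keys and 10000 keys that were never inserted.
SEEN = [f"10.0.{i // 256}.{i % 256}:443" for i in range(1000)]
UNSEEN = [f"172.16.{i // 256}.{i % 256}:443" for i in range(10000)]

if __name__ == "__main__":
    for m, k in ((8000, 5), (2000, 2)):       # 8 vs 2 bits per element
        fn, fp, pred = measure(m, k, SEEN, UNSEEN)
        print(f"m={m} k={k}: false negatives={fn} fp measured={fp:.4f} predicted={pred:.4f}")
```

At 8 bits per element with k=5 the predicted false-positive rate is about 2%; shrinking the table to 2 bits per element pushes it past 30%. The practical caveat for traffic monitoring is that the rate grows with n, so a filter sized for one window's cardinality must be rotated or resized as the window fills.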
Proceedings Article

Snort - Lightweight Intrusion Detection for Networks

TL;DR: Snort provides a layer of defense that monitors network traffic for predefined suspicious activity or patterns and alerts system administrators when potentially hostile traffic is detected.
Proceedings ArticleDOI

Mining anomalies using traffic feature distributions

TL;DR: It is argued that the distributions of packet features observed in flow traces reveal both the presence and the structure of a wide range of anomalies, and that using feature distributions, anomalies naturally fall into distinct and meaningful clusters that can be used to automatically classify anomalies and to uncover new anomaly types.
Proceedings ArticleDOI

Diagnosing network-wide traffic anomalies

TL;DR: A general method based on a separation of the high-dimensional space occupied by a set of network traffic measurements into disjoint subspaces corresponding to normal and anomalous network conditions to diagnose anomalies is proposed.
Proceedings ArticleDOI

A signal analysis of network traffic anomalies

TL;DR: This paper reports results of signal analysis of four classes of network traffic anomalies: outages, flash crowds, attacks and measurement failures, and shows that wavelet filters are quite effective at exposing the details of both ambient and anomalous traffic.