A Novel Sliding Window Based Change Detection Algorithm for Asymmetric Traffic

Cited by: 28
Authors
Ahmed, Ejaz [1]
Clark, Andrew [1]
Mohay, George [1]
Affiliation
[1] Queensland Univ Technol, Brisbane, Qld 4001, Australia
Source
2008 IFIP INTERNATIONAL CONFERENCE ON NETWORK AND PARALLEL COMPUTING, PROCEEDINGS | 2008
DOI
10.1109/NPC.2008.81
Chinese Library Classification number
TP301 [Theory, methods];
Subject classification code
081202;
Abstract
The effects of network attacks may result in abrupt changes in network traffic parameters. The speedy identification of these changes is critical for smooth network operation. This paper illustrates a sequential analysis technique for detecting these unknown abrupt changes in asymmetric network traffic. A novel sliding window based adaptive cumulative sum (CUSUM) algorithm is used to detect the cause of such variations in network traffic. The significance of the proposed algorithm is two-fold: (1) automatic adjustment of the change detection threshold while minimising the false alarm rate, and (2) timely detection of an end to the anomalous traffic. The validity of the proposed technique is investigated by experimentation on simulated data and on 18 months of real network traces collected from a class C darknet. Comparative analysis of the proposed technique with a traditional CUSUM method demonstrates its superior performance with high detection accuracy and low false alarm rate.
Pages: 168 / 175
Number of pages: 8