Baseline Traffic Modeling for Anomalous Traffic Detection on Network Transit Points

Cited by: 0
Authors
Cho, Yoohee [1]
Kang, Koohong [2]
Kim, Ikkyun [3]
Jeong, Kitae [1]
Affiliations
[1] Network Lab KT, 463-1 Jeonmin Dong, Taejon, South Korea
[2] Seowon Univ, Dept Informat & Commun Engn, Chongju 361742, South Korea
[3] ETRI, Informat Secur Res Div, Daejeon 305700, South Korea
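Source
MANAGEMENT ENABLING THE FUTURE INTERNET FOR CHANGING BUSINESS AND NEW COMPUTING SERVICES, PROCEEDINGS | 2009 / Vol. 5787
Keywords
Intrusion Detection; Anomaly; DDoS attack
DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract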
Considerable attention has been paid in recent years to detecting network traffic anomalies in order to protect our networks from the persistent threats of DDoS and unknown attacks. As a preprocessing step for many state-of-the-art attack detection technologies, baseline traffic modeling is a prerequisite for discriminating anomalous flows from normal traffic. In this paper, we analyze the traffic from various network transit points on an ISP backbone network and present a baseline traffic model using simple linear regression on the imported NetFlow data: bits per second and flows per second. Our preliminary explorations indicate that the proposed modeling is very effective at recognizing anomalous traffic on real networks.
Pages: 385 / +
Page count: 2