Evaluation of Anomaly Detection Method Based on Pattern Recognition

The number of threats on the Internet is rapidly increasing, and anomaly detection has become of increasing importance. High-speed backbone traffic is particularly degraded. but their analysis is a complicated task due to the amount of data, the lack of payload data. the asymmetric routing and the use of sampling techniques. Most anomaly detection schemes focus Oil the statistical properties of network traffic and highlight anomalous traffic through their singularities. In this paper, we concentrate on unusual traffic distributions, which are easily identifiable in temporal-spatial space (e.g., time/address or port). We present ail anomaly detection method that uses a pattern recognition technique to identify anomalies ill picture,,; representing traffic. The main advantage of this method is its ability to detect attacks involving mice flows. We evaluate the parameter set and the effectiveness of this approach by analyzing six years of Internet traffic collected from a trans-Pacific link, We show several examples of detected anomalies and compare our results with those of two other methods. The comparison indicates that the only anomalies detected by the pattern-recognition-based method are mainly malicious traffic with a few packets.