Baseline Traffic Modeling for Anomalous Traffic Detection on Network Transit Points

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 5787)

Abstract

Considerable attention has been paid in recent years to detecting network traffic anomalies in order to protect our networks from the persistent threats of DDoS and unknown attacks. As a pre-processing stage for many state-of-the-art attack detection technologies, baseline traffic modeling is a prerequisite step for discriminating anomalous flows from normal traffic. In this paper, we analyze the traffic from various network transit points on an ISP backbone network and present a baseline traffic model that applies simple linear regression to the imported NetFlow data: bits per second and flows per second. Our preliminary explorations indicate that the proposed modeling is very effective at recognizing anomalous traffic on real networks.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cho, Y., Kang, K., Kim, I., Jeong, K. (2009). Baseline Traffic Modeling for Anomalous Traffic Detection on Network Transit Points. In: Hong, C.S., Tonouchi, T., Ma, Y., Chao, CS. (eds) Management Enabling the Future Internet for Changing Business and New Computing Services. APNOMS 2009. Lecture Notes in Computer Science, vol 5787. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04492-2_39

  • DOI: https://doi.org/10.1007/978-3-642-04492-2_39

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04491-5

  • Online ISBN: 978-3-642-04492-2

  • eBook Packages: Computer Science (R0)
