Abstract
Abnormal traffic detection is a difficult problem in network management and network security. This paper proposes an abnormal traffic detection method based on continuous LoSS (loss of self-similarity), which compares the distribution of the Hurst parameter for time series of normal and abnormal network traffic. Because abnormal traffic detection must be both fast and highly accurate, an on-line version of the Abry-Veitch wavelet-based estimator of the Hurst parameter at large time scales is proposed, and the detection threshold adjusts itself according to the extent of network traffic self-similarity under normal conditions. This work also investigates how adjusting the parameters affects the performance of abnormal traffic detection. Test results on a data set from the Lincoln Lab of MIT demonstrate that the new abnormal traffic detection method is dynamically self-adaptive, achieves a higher detection rate, and can be implemented in real time.
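The detection loop outlined in the abstract, written out as an added Python example; it is not the authors' code. It assumes a Haar wavelet for the log-scale diagram, a threshold band of mean +/- k standard deviations of the Hurst values seen under normal traffic, and an alarm only after `run` consecutive out-of-band windows; the names hurst_haar, detect_loss and SAMPLE_H and all parameter values are hypothetical.

```python
import math
import random
from statistics import mean, stdev

def hurst_haar(x, j1=3):
    """Hurst estimate from the Haar log-scale diagram of a traffic series.
    Octaves below j1 are skipped (large time scales); no bias correction."""
    a, j, pts = list(x), 0, []
    while len(a) >= 8:
        j += 1
        n = len(a) // 2
        d = [(a[2*k] - a[2*k+1]) / math.sqrt(2) for k in range(n)]  # details
        a = [(a[2*k] + a[2*k+1]) / math.sqrt(2) for k in range(n)]  # approximation
        mu = sum(v * v for v in d) / n
        if j >= j1 and mu > 0:
            pts.append((j, math.log2(mu), n))  # weight = coefficient count
    if len(pts) < 2:
        raise ValueError("series too short or constant")
    w = sum(n for _, _, n in pts)
    jb = sum(n * j for j, _, n in pts) / w
    yb = sum(n * y for _, y, n in pts) / w
    slope = (sum(n * (j - jb) * (y - yb) for j, y, n in pts)
             / sum(n * (j - jb) ** 2 for j, _, n in pts))
    return (slope + 1) / 2  # for LRD traffic log2(mu_j) ~ (2H - 1) * j + c

def detect_loss(h_values, warmup=8, k=3.0, run=3):
    """Window indices where H has been outside mean +/- k*stdev of the
    normal-traffic baseline for `run` consecutive windows (assumed rule)."""
    base, streak, alarms = list(h_values[:warmup]), 0, []
    for i in range(warmup, len(h_values)):
        h = h_values[i]
        if abs(h - mean(base)) > k * stdev(base):
            streak += 1
            if streak >= run:
                alarms.append(i)
        else:  # normal window: reset the streak and let the band adapt
            streak = 0
            base = (base + [h])[-4 * warmup:]
    return alarms

# Constructed per-window Hurst values (not measured data): 8 baseline windows,
# one isolated outlier at index 9, then a sustained drop at indices 11-14.
SAMPLE_H = [0.81, 0.79, 0.80, 0.82, 0.78, 0.80, 0.81, 0.79,
            0.80, 0.93, 0.80, 0.55, 0.52, 0.50, 0.53, 0.80, 0.81]

if __name__ == "__main__":
    rng = random.Random(1)
    print("white noise H:", round(hurst_haar([rng.gauss(0, 1) for _ in range(4096)]), 2))
    print("alarm windows:", detect_loss(SAMPLE_H))
```

On captured traffic, call hurst_haar on each window of packet or byte counts per fixed time bin and pass the resulting sequence to detect_loss; out-of-band windows are kept out of the baseline so a sustained anomaly does not widen the band.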
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Xia, Z., Lu, S., Li, J., Ma, J. (2009). Real-Time and Self-adaptive Method for Abnormal Traffic Detection Based on Self-similarity. In: Liu, W., Luo, X., Wang, F.L., Lei, J. (eds) Web Information Systems and Mining. WISM 2009. Lecture Notes in Computer Science, vol 5854. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05250-7_41
DOI: https://doi.org/10.1007/978-3-642-05250-7_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-05249-1
Online ISBN: 978-3-642-05250-7
eBook Packages: Computer Science, Computer Science (R0)