
Real-Time and Self-adaptive Method for Abnormal Traffic Detection Based on Self-similarity

  • Conference paper
Web Information Systems and Mining (WISM 2009)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5854)


Abstract

Abnormal traffic detection is a difficult problem in network management and network security. This paper proposes an abnormal traffic detection method based on continuous LoSS (loss of self-similarity), which compares the distribution of the Hurst parameter for network traffic time series under normal and abnormal conditions. Because abnormal traffic detection must be both fast and highly accurate, an on-line version of the Abry-Veitch wavelet-based estimator of the Hurst parameter at large time scales is proposed, and the detection threshold is self-adjusted according to the extent of network traffic self-similarity under normal conditions. This work also investigates the effect of parameter adjustment on the performance of abnormal traffic detection. Test results on a data set from the Lincoln Lab of MIT demonstrate that the new abnormal traffic detection method is dynamically self-adaptive, achieves a higher detection rate, and can be implemented in real time.

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xia, Z., Lu, S., Li, J., Ma, J. (2009). Real-Time and Self-adaptive Method for Abnormal Traffic Detection Based on Self-similarity. In: Liu, W., Luo, X., Wang, F.L., Lei, J. (eds) Web Information Systems and Mining. WISM 2009. Lecture Notes in Computer Science, vol 5854. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05250-7_41

  • DOI: https://doi.org/10.1007/978-3-642-05250-7_41

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-05249-1

  • Online ISBN: 978-3-642-05250-7

  • eBook Packages: Computer Science, Computer Science (R0)
