
Network Anomaly Detection Based on Probabilistic Analysis

  • Conference paper
Advances in Computer Science and Ubiquitous Computing (UCAWSN 2016, CUTE 2016, CSA 2016)

Abstract

In this paper, we present a technique for detecting a common type of network intrusion, the traffic flood attack, using an anomaly detection method based on probabilistic model analysis. A victim's computer under attack shows various symptoms, such as degraded TCP throughput, increased CPU usage, increased RTT (Round Trip Time), and frequent disconnection from web sites. These symptoms can serve as the components of a k-dimensional feature space with a multivariate normal distribution, to which an anomaly detection method can be applied to detect the attack. The features are in general correlated with one another: most of the symptoms are caused by the attack, so they are highly correlated. We therefore choose only a few of these features for anomaly detection in the multivariate normal distribution. We study this technology for IoT networks prepared to provide u-health services in the future, where stable and consistent network connectivity is extremely important because connectivity is, ultimately, closely tied to the loss of human lives.
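The approach the abstract describes, as an added Python example (not the authors' implementation): it drops features whose pairwise Pearson correlation is high, fits a multivariate normal to attack-free baseline measurements, and flags a sample whose squared Mahalanobis distance exceeds the baseline's 99th percentile. The function names, the 0.9 correlation cutoff, the percentile threshold and the feature values are assumptions, and the baseline data is constructed.

```python
import math
import random

def mean_cov(rows):  # sample mean vector and covariance matrix of feature rows
    n, k = len(rows), len(rows[0])
    mu = [sum(r[j] for r in rows) / n for j in range(k)]
    cov = [[sum((r[i] - mu[i]) * (r[j] - mu[j]) for r in rows) / (n - 1)
            for j in range(k)] for i in range(k)]
    return mu, cov

def select_features(cov, max_abs_r=0.9):
    """Greedily keep a feature only if |Pearson r| with each kept one is low."""
    kept = []
    for j in range(len(cov)):
        if all(abs(cov[i][j]) < max_abs_r * math.sqrt(cov[i][i] * cov[j][j]) for i in kept):
            kept.append(j)
    return kept

def mahalanobis_sq(x, mu, cov):
    """d^2 = (x-mu)^T Sigma^-1 (x-mu); the normal density falls as exp(-d^2/2)."""
    n = len(x)
    d = [xi - mi for xi, mi in zip(x, mu)]
    m = [cov[i][:] + [d[i]] for i in range(n)]   # augmented [Sigma | d]
    for c in range(n):   # elimination; Sigma is positive definite, no pivoting
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            m[r] = [a - f * b for a, b in zip(m[r], m[c])]
    y = [0.0] * n        # back-substitution solves Sigma y = d
    for r in reversed(range(n)):
        y[r] = (m[r][n] - sum(m[r][j] * y[j] for j in range(r + 1, n))) / m[r][r]
    return sum(di * yi for di, yi in zip(d, y))

def fit(rows, quantile=0.99):
    """Fit on attack-free baseline rows; returns (kept, mu, cov, threshold)."""
    kept = select_features(mean_cov(rows)[1])
    sub = [[r[j] for j in kept] for r in rows]
    mu, cov = mean_cov(sub)
    scores = sorted(mahalanobis_sq(s, mu, cov) for s in sub)
    return kept, mu, cov, scores[int(quantile * (len(scores) - 1))]

def is_anomalous(x, model):
    kept, mu, cov, threshold = model
    return mahalanobis_sq([x[j] for j in kept], mu, cov) > threshold

# Constructed baseline: [TCP throughput Mbit/s, RTT ms, CPU %]; CPU tracks RTT.
_rng = random.Random(7)
_rtts = [_rng.gauss(20, 3) for _ in range(500)]
BASELINE = [[_rng.gauss(90, 5), t, 0.5 * t + _rng.gauss(0, 0.2)] for t in _rtts]
MODEL = fit(BASELINE)
```

Dropping the near-duplicate CPU feature also keeps the covariance matrix well conditioned, which is what lets the elimination step run without pivoting.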

Acknowledgement

This research was supported by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2016-H8601-16-1009) supervised by the IITP (Institute for Information & communications Technology Promotion).

Corresponding author

Correspondence to Doo-Soon Park.

Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Park, J., Choi, D.H., Jeon, YB., Min, S.D., Park, DS. (2017). Network Anomaly Detection Based on Probabilistic Analysis. In: Park, J., Pan, Y., Yi, G., Loia, V. (eds) Advances in Computer Science and Ubiquitous Computing. UCAWSN CUTE CSA 2016 2016 2016. Lecture Notes in Electrical Engineering, vol 421. Springer, Singapore. https://doi.org/10.1007/978-981-10-3023-9_107

  • DOI: https://doi.org/10.1007/978-981-10-3023-9_107

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-3022-2

  • Online ISBN: 978-981-10-3023-9

  • eBook Packages: Engineering, Engineering (R0)
