Online detection of network traffic anomalies using behavioral distance | IEEE Conference Publication | IEEE Xplore

Abstract:

While network-wide anomaly analysis has been well studied, the on-line detection of network traffic anomalies at a vantage point inside the Internet still poses quite a challenge to network administrators. In this paper, we develop a behavioral distance based anomaly detection mechanism with the capability of performing on-line traffic analysis. To construct accurate online traffic profiles, we introduce horizontal and vertical distance metrics between various traffic features (i.e., packet header fields) in the traffic data streams. The significant advantages of the proposed approach lie in four aspects: (1) it is efficient and simple enough to process on-line traffic data; (2) it facilitates protocol behavioral analysis without maintaining per-flow state; (3) it is scalable to high-speed traffic links because of the aggregation; and (4) using various combinations of packet features and measuring distances between them, it is capable of accurate on-line anomaly detection. We validate the efficacy of our proposed detection system by using network traffic traces collected at Abilene and MAWI high-speed links.
Date of Conference: 13-15 July 2009
Date Added to IEEE Xplore: 18 August 2009
ISBN Information:
Print ISSN: 1548-615X
Conference Location: Charleston, SC, USA
