ABSTRACT
As networks grow in size and speed, abnormal traffic becomes harder to discover. It is necessary not only to detect anomalies in real-time traffic accurately but also to determine the type of anomaly. To meet this requirement, this paper proposes a Bloom Filter (BF) based abnormal traffic detection framework that retrieves information from real-time data accurately with low time complexity. The article analyzes two kinds of abnormal traffic: port scanning traffic and TCP flooding traffic. For port scanning, the BF records which ports a stream has accessed; if one source generates traffic to too many different ports, an anomaly is declared. For TCP flooding, a Counting Bloom Filter (CBF) counts the packets of similar length in each type of stream over a period of time; if a high proportion of a stream's packets share a similar length, an anomaly is likely. Finally, the paper evaluates the proposed framework in a real environment. The experiment finds few false positives on normal traffic, and the framework correctly identifies both kinds of abnormal traffic.
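The two detectors described in the abstract, written out as an added example; this is not the paper's code and the paper's exact parameters are not given here. A plain BF deduplicates (source, destination, port) triples so each port is counted once per source, a CBF keeps the per-source distinct-port count, and a second CBF counts packets per (flow, length bucket) in a window. The thresholds (20 ports, 100 packets, 80% in one bucket), the 16-byte length bucket, the BLAKE2b-based hash family and the sample traffic are all assumptions made for the example.

```python
"""Bloom-filter sketches for the two IoT traffic anomalies in the abstract (added example).

Port scan: a Bloom filter (BF) remembers which (src, dst, port) triples have been seen,
so a port is counted once per source; a counting Bloom filter (CBF) holds the
distinct-port count per source.
TCP flood: a CBF counts packets per (flow, length bucket) in a window; a flow whose
dominant bucket holds most of its packets is flagged.
Thresholds, bucket width and the hash family are assumptions, not the paper's values.
"""
import hashlib
from collections import namedtuple

Packet = namedtuple("Packet", "src dst dport length")
MAX_FRAME = 1500  # assumed Ethernet MTU; bounds the length buckets we query


def _indexes(key, m, k):
    """k positions in [0, m) for key, from k salted 8-byte BLAKE2b digests."""
    return [int.from_bytes(hashlib.blake2b(key.encode(), digest_size=8,
                                           salt=bytes([i])).digest(), "big") % m
            for i in range(k)]


class BloomFilter:
    def __init__(self, m=1 << 16, k=4):
        self.m, self.k, self.bits = m, k, bytearray(m)

    def add(self, key):
        for i in _indexes(key, self.m, self.k):
            self.bits[i] = 1

    def __contains__(self, key):  # may return a false positive, never a false negative
        return all(self.bits[i] for i in _indexes(key, self.m, self.k))


class CountingBloomFilter:
    """Counters instead of bits; count() returns the minimum, an upper bound on the truth."""
    def __init__(self, m=1 << 16, k=4):
        self.m, self.k, self.counters = m, k, [0] * m

    def add(self, key, n=1):
        for i in _indexes(key, self.m, self.k):
            self.counters[i] += n

    def count(self, key):
        return min(self.counters[i] for i in _indexes(key, self.m, self.k))


def detect_port_scans(packets, max_ports=20):
    """Sources that touched more than max_ports distinct (dst, port) pairs."""
    seen = BloomFilter()
    ports_per_src = CountingBloomFilter()
    flagged = set()
    for p in packets:
        triple = f"{p.src}>{p.dst}:{p.dport}"
        if triple in seen:  # repeat traffic to an already-seen port is not a new port
            continue
        seen.add(triple)
        ports_per_src.add(p.src)
        if ports_per_src.count(p.src) > max_ports:
            flagged.add(p.src)
    return flagged


def detect_floods(packets, bucket=16, min_packets=100, ratio=0.8):
    """Flows with >= min_packets packets where one length bucket holds >= ratio of them."""
    per_bucket = CountingBloomFilter()
    per_flow = CountingBloomFilter()
    flows = set()  # the CBF cannot be enumerated, so flow ids are kept separately
    for p in packets:
        flow = f"{p.src}>{p.dst}"
        flows.add(flow)
        per_flow.add(flow)
        per_bucket.add(f"{flow}|{p.length // bucket}")
    flagged = set()
    for flow in flows:
        total = per_flow.count(flow)
        if total < min_packets:
            continue
        top = max(per_bucket.count(f"{flow}|{b}") for b in range(MAX_FRAME // bucket + 1))
        if top / total >= ratio:
            flagged.add(flow)
    return flagged


def sample_traffic():
    """Constructed traffic, not a real capture: a normal client, a port scanner, a SYN flooder."""
    pkts = []
    for i in range(60):  # normal: two ports, varied sizes
        pkts.append(Packet("10.0.0.5", "10.0.0.1", 443 if i % 2 else 80, 100 + (i * 37) % 1200))
    for port in range(1, 41):  # scanner: one probe per port
        pkts.append(Packet("10.0.0.66", "10.0.0.1", port, 60))
    for _ in range(300):  # flooder: identical-size SYNs to one port
        pkts.append(Packet("10.0.0.99", "10.0.0.1", 80, 60))
    return pkts


if __name__ == "__main__":
    traffic = sample_traffic()
    print("port scanners:", detect_port_scans(traffic))
    print("flooding flows:", detect_floods(traffic))
```

The scanner's 40 probes are all 60 bytes, so a low `min_packets` would also make the flood detector fire on it; the packet-count floor is what separates the two verdicts here, and in a deployment it should be set from the observed per-flow rate rather than guessed. Because a CBF returns an upper bound, both detectors can over-count under hash collisions, so `m` must be sized for the number of flows in the window.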
Abnormal traffic detection of IoT terminals based on Bloom filter