
Anomaly Characterization in Flow-Based Traffic Time Series [chapter]

Anna Sperotto, Ramin Sadre, Aiko Pras
Lecture Notes in Computer Science  
The contribution of this paper is that it shows, based on a number of real case studies on high-speed networks, that all three metrics may be necessary for proper time series anomaly characterization.  ...  The goal of this paper is to investigate how malicious traffic can be characterized on the basis of such aggregated metrics, in particular by using flow, packet and byte frequency variations over time.  ...  We also would like to thank Daan van der Sanden for his valuable help in the traces analysis.  ... 
doi:10.1007/978-3-540-87357-0_2 fatcat:6fxw4zrfqfcqrhhon2g3emhcn4

Characteristics of network traffic flow anomalies

Paul Barford, David Plonka
2001 Proceedings of the First ACM SIGCOMM Workshop on Internet Measurement - IMW '01  
At the time of writing we are in the process of building an archive of anomalies based on IP traffic flow measurements taken from the border router for our campus network.  ...  Experience has enabled classes of anomalies to easily be distinguished from typical traffic based on graphs of traffic flows.  ... 
doi:10.1145/505202.505211 dblp:conf/imw/BarfordP01 fatcat:hffkjon7r5emja7hw4sct4me5a

Characteristics of network traffic flow anomalies

Paul Barford, David Plonka
2001 Proceedings of the First ACM SIGCOMM Workshop on Internet Measurement Workshop - IMW '01  
At the time of writing we are in the process of building an archive of anomalies based on IP traffic flow measurements taken from the border router for our campus network.  ...  Experience has enabled classes of anomalies to easily be distinguished from typical traffic based on graphs of traffic flows.  ... 
doi:10.1145/505208.505211 fatcat:kj36bcyadjfv7oscoi2gzkijnm

Spatio-Temporal Network Anomaly Detection by Assessing Deviations of Empirical Measures

I.C. Paschalidis, G. Smaragdakis
2009 IEEE/ACM Transactions on Networking  
corresponding reference characterization, thus, identifying traffic anomalies in real-time.  ...  Using past traffic traces we characterize network traffic during various time-of-day intervals, assuming that it is anomaly-free.  ...  Consider a time series of traffic activity (say, in bits/bytes/packets/flows per sample). Let the partial sum (or aggregate traffic) over the time bucket starting at and containing samples, namely, .  ... 
doi:10.1109/tnet.2008.2001468 fatcat:2bhcndjmh5d4lai2hzhpbuhsqi

Random projection and multiscale wavelet leader based anomaly detection and address identification in internet traffic

R. Fontugne, P. Abry, K. Fukuda, P. Borgnat, J. Mazel, H. Wendt, D. Veitch
2015 2015 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)  
We present a new anomaly detector for data traffic, 'SMS', based on combining random projections (sketches) with multiscale analysis, which has low computational complexity.  ...  The sketches allow 'normal' traffic to be automatically and robustly extracted, and anomalies detected, without the need for training data.  ...  We focus on anomaly detection based on aggregated time series, being counts of IP packets or bytes in consecutive time bins, obtainable from packet header traces containing timestamps plus 5-tuples for  ... 
doi:10.1109/icassp.2015.7179029 dblp:conf/icassp/FontugneAFBMWV15 fatcat:jyw7gfrxmbc3nodjg2uxra323y

Anomaly Detections in Internet traffic Using Empirical Measures [article]

A.S.Syed Navaz, S.Gopalakrishnan, R.Meena
2013 arXiv   pre-print
Using past traffic traces we characterize network traffic during various time-of-day intervals, assuming that it is anomaly-free.  ...  Introducing Internet traffic anomaly detection mechanism based on large deviations results for empirical measures.  ...  place.  Consider a time series of x1, ..., xn traffic activity (say, in bits/bytes/packets/flows per sample).  ... 
arXiv:1308.5310v1 fatcat:cytfvychsbgoxbsgodsu6ux6s4

Automated Classification of Network Traffic Anomalies [chapter]

Guilherme Fernandes, Philippe Owezarski
2009 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
directly related to the anomaly; and (iii) classify the anomaly using these metrics in a signature-based approach.  ...  Network traffic anomalies detection and characterization has been a hot topic of research for many years.  ...  Acknowledgment This work has been done in the framework of the ECODE project funded by the European commission under grant FP7-ICT-2007-2/223936.  ... 
doi:10.1007/978-3-642-05284-2_6 fatcat:c5echqmsibasdnh377sfewrshm

Applying multiple time series data mining to large-scale network traffic analysis

Weisong He, Guangmin Hu, Xingmiao Yao, Guangyuan Kan, Hong Wang, Hongmei Xiang
2008 2008 IEEE Conference on Cybernetics and Intelligent Systems  
This paper proposes a large-scale communications network traffic feature analysis method using multiple time series data mining, analyzes multiple traffic feature time series as a whole, produces valid association  ...  rules of abnormal network traffic feature, characterizes the entire communication network security situation accurately.  ...  Flow level traffic analysis is based on flow classification, collecting statistical information of each flow and providing performance information of users on medium granularity, which makes characterizing  ... 
doi:10.1109/iccis.2008.4670844 fatcat:ojio5mbfe5hwrdqhms3esihcrq

Network Traffic Decomposition for Anomaly Detection [article]

Tahereh Babaie, Sanjay Chawla, Sebastien Ardon
2014 arXiv   pre-print
traffic data.  ...  In the process we also address the issue of robustness of anomaly detection systems in a principled fashion.  ...  Thus DoS like anomalies cause high temporal variation (within flows correlation) in the responsible flows and can be detected using techniques based on time series analysis.  ... 
arXiv:1403.0157v1 fatcat:shivvgkiqfgethttsitnlfy5l4

Sub-Space Clustering and Evidence Accumulation for Unsupervised Network Anomaly Detection [chapter]

Johan Mazel, Pedro Casas, Philippe Owezarski
2011 Lecture Notes in Computer Science  
Unsupervised characterization is achieved by exploring inter-flows structure from multiple outlooks, building filtering rules to describe a detected anomaly.  ...  flows.  ...  Acknowledgments This work has been done in the framework of the ECODE project, funded by the European commission under grant FP7-ICT-2007-2/223936.  ... 
doi:10.1007/978-3-642-20305-3_2 fatcat:utoflnzigfa4fjpzdz5qgt7lni

Hunting attacks in the dark: clustering and correlation analysis for unsupervised anomaly detection

Johan Mazel, Pedro Casas, Romain Fontugne, Kensuke Fukuda, Philippe Owezarski
2015 International Journal of Network Management  
In this paper we introduce a powerful unsupervised approach to detect and characterize network anomalies in the dark, i.e., without relying on signatures or labeled traffic.  ...  The system is extensively tested with real traffic from the WIDE backbone network, spanning six years of flows captured from a transpacific link between Japan and the US, using the MAWILab framework for  ...  In our case and for the sake of simplicity, we use the absolute deltoids approach [44] (i.e., basically a change-detector based on mean and variance of a time series), based on volume metric time series  ... 
doi:10.1002/nem.1903 fatcat:h5yesz62vjhzvpdvq3ejmlllde

Anomaly detection using the correlational paraconsistent machine with digital signatures of network segment

Eduardo H.M. Pena, Luiz F. Carvalho, Sylvio Barbon Jr., Joel J.P.C. Rodrigues, Mario Lemes Proença Jr.
2017 Information Sciences  
inspect irregularities at the network traffic flow level.  ...  This study presents the correlational paraconsistent machine (CPM), a tool for anomaly detection that incorporates unsupervised models for traffic characterization and principles of paraconsistency, to  ...  The method was applied in the flow time series of the traffic coming from randomly sampled data captured in routers from an academic Internet backbone.  ... 
doi:10.1016/j.ins.2017.08.074 fatcat:75yshcghabc35pu4hswnie6qki

Anomaly Detection Approaches for Communication Networks [chapter]

Marina Thottan, Guanglei Liu, Chuanyi Ji
2010 Computer Communications and Networks  
In network security, the interest lies in characterizing known or unknown anomalous patterns of an attack or a virus.  ...  In network monitoring, a service provider is often interested in capturing such network characteristics as heavy flows that use a link with a given capacity, flow size distributions, and the number of  ...  The source of the anomalous traffic can then be pinpointed by determining the ingress and egress points of different traffic flows. In the series of work [30, 31, 32], Lakhina et al.  ... 
doi:10.1007/978-1-84882-765-3_11 dblp:series/ccn/ThottanLJ10 fatcat:md23gj62mjc6jfbc3rfxyzz73a

Steps Towards Autonomous Network Security: Unsupervised Detection of Network Attacks

P Casas, J Mazel, P Owezarski
2011 2011 4th IFIP International Conference on New Technologies, Mobility and Security  
The method uses robust clustering techniques to detect anomalous traffic flows, sequentially captured in a temporal sliding-window basis.  ...  The structure of the anomaly identified by the clustering algorithms is used to automatically construct specific filtering rules that characterize its nature, providing easy-to-interpret information to  ...  For doing so, time series Z li t are built for basic traffic metrics such as number of bytes, packets, and IP flows per time slot, using the 9 flow resolutions l 1...9 .  ... 
doi:10.1109/ntms.2011.5721067 dblp:conf/ntms/CasasMO11 fatcat:ird4xlm4tvh3zhkvmsiaymvxpi

Flow-based intrusion detection

Anna Sperotto, Aiko Pras
2011 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops  
Research Question 2: How can traffic anomalies be characterized in time series derived from flow data? In our research, we focused on anomaly characterization in time series.  ...  We proposed a modeling approach for flow-based traffic time series based on HMMs.  ... 
doi:10.1109/inm.2011.5990529 dblp:conf/im/SperottoP11 fatcat:3taxkdmppfdfvpqr6i4t2ayjbi