This paper discusses the possibility of applying an image-processing technique to detect anomalies in Internet traffic, an approach that differs from traditional anomaly-detection techniques. We first demonstrate that anomalous packet behavior in darknet traces often has a characteristic multi-scale structure in time and space (e.g., in addresses or ports). These observed structures consist of abnormal and non-random uses of particular traffic features. From these observations, we propose a new type of anomaly-detection algorithm based on pattern recognition. The key idea underlying our algorithm is that anomalous activities appear as "lines" on temporal-spatial planes, which are easily identified by an edge-detection algorithm. In addition, applying a clustering technique to the lines obtained helps in classifying and labeling the numerous anomalies detected. The proposed algorithm was used to blindly analyze packet traffic traces collected from a trans-Pacific transit link. Furthermore, we compared the anomalies detected by our algorithm with those found by a statistics-based algorithm. The comparison revealed that the two algorithms found mainly the same anomalies, but some were of different characteristic types.
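
The key idea above, shown as an added example that is not code from the paper: packets are binned on a time versus destination-port plane, and straight lines are picked out of the background by voting. The Hough transform as the line detector, the 64x64 grid, the vote threshold, the constructed trace and the label names are all assumptions of this example.

```python
import math
import random
from collections import Counter

SIZE = 64        # time bins x destination-port bins (constructed grid)
THRESHOLD = 50   # minimum votes to report a line (assumed value for this grid)

def hough_lines(points, threshold=THRESHOLD):
    """Return [(theta_deg, rho, votes)], strongest first.

    A line is written rho = t*cos(theta) + p*sin(theta), where t is the
    time bin and p the port bin of a packet. Every occupied cell votes
    for each line that could pass through it.
    """
    votes = Counter()
    for t, p in set(points):              # one vote per occupied cell
        for theta in range(180):
            a = math.radians(theta)
            rho = round(t * math.cos(a) + p * math.sin(a))
            votes[(theta, rho)] += 1
    hits = [(th, rho, n) for (th, rho), n in votes.items() if n >= threshold]
    return sorted(hits, key=lambda h: -h[2])

def label(theta):
    """Coarse label by line orientation (hypothetical names, not the paper's)."""
    if theta == 90:
        return "one port hit persistently over time"
    if theta == 0:
        return "many ports hit within one time bin"
    return "ports swept progressively over time"

def constructed_trace(seed=1, noise=60):
    """Constructed sample data: random background plus two anomalies."""
    rng = random.Random(seed)
    background = [(rng.randrange(SIZE), rng.randrange(SIZE)) for _ in range(noise)]
    sweep = [(t, t) for t in range(SIZE)]        # port bin rises with time
    persistent = [(t, 40) for t in range(SIZE)]  # port bin 40 in every time bin
    return background, sweep + persistent

if __name__ == "__main__":
    background, anomalies = constructed_trace()
    for theta, rho, n in hough_lines(background + anomalies):
        print(f"theta={theta:3d} rho={rho:3d} votes={n:3d}  {label(theta)}")
```

Scattered background packets never collect enough votes on any single line, so only the two structured activities are reported.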