Monitoring unused (or dark) IP addresses offers opportunities to extract useful information about both ongoing and new attack patterns. In recent years, various techniques have been used to analyze such traffic, including sequential analysis, in which a change in traffic behavior, for example a change in the mean, is taken as an indication of malicious activity. A change point by itself says little about the change it marks; further processing is needed to extract useful information and to identify the cause of the change, and the size and nature of the observed traffic limit how far that can go. In this paper, we address the problem of analyzing a large volume of such traffic by correlating change points identified in different traffic parameters. The significance of the proposed technique is two-fold. First, it automatically extracts information about a change point by correlating the change points detected across multiple traffic parameters. Second, it validates a detected change point by the simultaneous presence of another change point in a different parameter. Using a real network trace collected from unused IP addresses, we demonstrate that the proposed technique lets us not only validate change points but also extract useful information about their causes.
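The following is an added illustration of the idea in the abstract, not code from the paper or its authors. It runs a two-sided CUSUM detector on the mean (a standard sequential-analysis method, assumed here as the per-parameter change detector) over three per-interval parameters of dark-space traffic, then correlates the change points across parameters: a change point corroborated by another parameter within a small window is treated as validated, and the combination of parameters that moved is used to suggest a cause. The trace is constructed, the parameter names (`pkts`, `srcs`, `dports`) and the interpretation rules in `describe` are assumptions made for this example, and the CUSUM constants `k` and `h` are illustrative defaults.

```python
"""Correlating change points across dark-space traffic parameters.
Added example, not the paper's code; the trace and the cause rules are
constructed assumptions for illustration."""
from statistics import mean, pstdev


def cusum_change_points(series, train=6, k=0.5, h=5.0):
    """Two-sided CUSUM on the mean of one parameter.

    Baseline mean/std are learned from the first `train` samples. After each
    alarm the detector relearns its baseline from the next `train` samples
    (raising no alarms meanwhile), so a sustained shift is reported once at
    its onset instead of at every later interval. k is the allowance and h
    the decision threshold, both in units of the baseline std.
    Returns a list of (interval_index, "up" | "down").
    """
    alarms, window = [], []
    mu = sigma = None
    s_pos = s_neg = 0.0
    for i, x in enumerate(series):
        if mu is None:                       # (re)learning the baseline
            window.append(x)
            if len(window) == train:
                mu, sigma = mean(window), (pstdev(window) or 1.0)
                window = []
            continue
        z = (x - mu) / sigma
        s_pos = max(0.0, s_pos + z - k)      # accumulates upward drift
        s_neg = max(0.0, s_neg - z - k)      # accumulates downward drift
        if s_pos > h or s_neg > h:
            alarms.append((i, "up" if s_pos > h else "down"))
            mu = sigma = None                # old baseline no longer valid
            s_pos = s_neg = 0.0
    return alarms


def correlate(change_points, window=1):
    """Group change points from different parameters that lie within
    `window` intervals of one another. A group spanning two or more
    parameters counts as validated; a lone change point does not."""
    events = sorted((t, name, d) for name, cps in change_points.items() for t, d in cps)
    groups = []
    for t, name, direction in events:
        if groups and t - groups[-1]["end"] <= window:
            groups[-1]["end"] = t
            groups[-1]["params"][name] = direction
        else:
            groups.append({"start": t, "end": t, "params": {name: direction}})
    for g in groups:
        g["validated"] = len(g["params"]) >= 2
    return groups


def describe(group):
    """Map the set of co-occurring changes to a likely cause. These rules
    are illustrative assumptions for this example, not the paper's."""
    p = group["params"]
    if not group["validated"]:
        return "unvalidated: only %s moved (transient burst?)" % next(iter(p))
    if p.get("pkts") == "up" and p.get("srcs") == "up" and "dports" not in p:
        return "validated: many new sources hitting the same ports (worm/bot sweep)"
    if p.get("pkts") == "up" and p.get("dports") == "up" and "srcs" not in p:
        return "validated: the usual sources probing many ports (vertical scan)"
    return "validated: " + ", ".join("%s %s" % kv for kv in sorted(p.items()))


def analyze(trace, **cusum_args):
    """Run the detector on every parameter, then correlate the results."""
    cps = {name: cusum_change_points(s, **cusum_args) for name, s in trace.items()}
    return correlate(cps)


def constructed_trace():
    """Constructed per-minute counts from a dark address block (not a real
    trace). Minute 8: a one-off packet burst with no other change.
    Minute 20 onward: ~90 new sources sweep one service, so packets and
    unique sources shift while destination ports stay flat."""
    trace = {"pkts": [], "srcs": [], "dports": []}
    for t in range(40):
        jitter = (t % 3) - 1                 # small deterministic noise
        pkts, srcs, dports = 100 + jitter, 30 + jitter, 12 + jitter
        if t == 8:
            pkts += 400
        if t >= 20:
            pkts += 300
            srcs += 90
        trace["pkts"].append(pkts)
        trace["srcs"].append(srcs)
        trace["dports"].append(dports)
    return trace


if __name__ == "__main__":
    for g in analyze(constructed_trace()):
        print("minutes %d-%d: %s" % (g["start"], g["end"], describe(g)))
```

On the constructed trace the burst at minute 8 yields a change point in `pkts` alone, which stays unvalidated, while the sweep from minute 20 produces simultaneous change points in `pkts` and `srcs` with `dports` flat, which is both validated and attributed. On a real trace the interval length, the correlation window and the retraining length would need to be chosen against the traffic's own variability, and the `describe` rules replaced by whatever signatures the analyst has actually observed.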