Real-Time and Self-adaptive Method for Abnormal Traffic Detection Based on Self-similarity

Authors:
Zhengmin Xia;Songnian Lu;Jianhua Li;Jin Ma
Affiliations:
Department of Electronic Engineering, Key Lab of Information Security Integrated Management Research, Shanghai Jiao Tong University, Shanghai, P.R. China 200240;Department of Electronic Engineering, Key Lab of Information Security Integrated Management Research, Shanghai Jiao Tong University, Shanghai, P.R. China 200240 and School of Information Security ...;Department of Electronic Engineering, Key Lab of Information Security Integrated Management Research, Shanghai Jiao Tong University, Shanghai, P.R. China 200240 and School of Information Security ...;School of Information Security Engineering, Key Lab of Information Security Integrated Management Research, Shanghai Jiao Tong University, Shanghai, P.R. China 200240
Venue:
WISM '09 Proceedings of the International Conference on Web Information Systems and Mining
Year:
2009

Citing 8
Cited 0

On the self-similar nature of Ethernet traffic (extended version)

IEEE/ACM Transactions on Networking (TON)
Wide area traffic: the failure of Poisson modeling

IEEE/ACM Transactions on Networking (TON)
Self-similarity in World Wide Web traffic: evidence and possible causes

IEEE/ACM Transactions on Networking (TON)
Real-time estimation of the parameters of long-range dependence

IEEE/ACM Transactions on Networking (TON)
Random Data: Analysis and Measurement Procedures

Random Data: Analysis and Measurement Procedures
On the wavelet spectrum diagnostic for Hurst parameter estimation in the analysis of Internet traffic

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue: Long range dependent trafic
Practical test-functions generated by computer algorithms

ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part III
Wavelet analysis of long-range-dependent traffic

IEEE Transactions on Information Theory

Quantified Score

Hi-index	0.00

Visualization

Abstract

Abnormal traffic detection is a difficult problem in network management and network security. This paper proposes an abnormal traffic detection method based on a continuous LoSS (loss of self-similarity) through comparing the difference of Hurst parameter distribution under the network normal and abnormal traffic time series conditions. Due to the needs of fast and high accuracy for abnormal traffic detection, the on-line version of the Abry-Veitch wavelet-based estimator of the Hurst parameter in large time-scale is proposed, and the detection threshold could self-adjusted according to the extent of network traffic self-similarity under normal conditions. This work also investigates the effect of the parameters adjustment on the performance of abnormal traffic detection. The test results on data set from Lincoln lab of MIT demonstrate that the new abnormal traffic detection method has the characteristics of dynamic self-adaptive and higher detection rate, and can be implemented in a real-time way.