This paper proposes the inclusion of two traffic forecasting frameworks in the traffic sampling paradigm. The proposed frameworks, namely pattern forecasting and attack forecasting, predict the occurrence of traffic deviation and examine whether a malicious attack is present in that deviation, respectively. While the former uses the ARAR model to forecast the network traffic, the latter uses a statistical likelihood function to determine whether a malicious attack is the origin of the traffic deviation. In addition, a dynamic weight assignment strategy is proposed to further improve the efficiency of the sampling strategy. Performance evaluation indicates that including both forecasting frameworks and dynamic weight assignment in the sampling strategy can improve the accuracy and scalability of anomaly detection.